How do I setup Resource rules for the CPSMOBJ Resource Class which controls access to CICSPlex SM resources?

book

Article ID: 16843

calendar_today

Updated On:

Products

CA ACF2 CA ACF2 - DB2 Option CA ACF2 for zVM CA ACF2 - z/OS CA ACF2 - MISC CA PanApt CA PanAudit

Issue/Introduction



How do I setup Resource rules for the CPSMOBJ Resource Class which controls access to CICSPlex SM resources?

Environment

Release:
Component: ACF2MS

Resolution

The resource class CPSMOBJ controls access to CICSPlex SM resources. 

The resource class CPSMOBJ default to TYPE(SAF). Generally sites will map new resource classes to a unique type code to facilitate resource rule management since writing rules for multiple products/applications under the same TYPE(SAF) can be confusing. 

The following ACF2 commands can be used to map the CPSMOBJ resouce to a unique TYPE code. Note that you can use any unique three character TYPE code that fits your site's standards.                                               

ACF                                                                          
SET CONTROL(GSO)                                                              
INSERT CLASMAP.CPSMOBJ RESOURCE(CPSMOBJ) RSRCTYPE(OBJ) ENTITYLN(44)          
F ACF2,REFRESH(CLASMAP)                                                       

SET C(GSO)                                                                    
CHANGE INFODIR TYPES(R-ROBJ) ADD                                              
F ACF2,REFRESH(INFODIR)                                                       

ACF2 Resource  rules that are equivalent to the RACF PERMITs follow.          

ACF
SET RESOURCE(OBJ)                                                            
RECKEY ******** ADD(- UID(UID string for SYSPGRP) SERVICE(READ) ALLOW)        
RECKEY BAS ADD( - UID(UID string for SYSPGRP) SERVICE(ADD) ALLOW)            
RECKEY TOPOLOGY ADD( - UID(UID string for OPSGRP) SERVICE(UPDATE) ALLOW)      
RECKEY TOPOLOGY ADD( - UID(UID string for HELPGRP) SERVICE(READ) ALLOW)      
RECKEY ANALYSIS ADD( - UID(UID string for OPSGRP) SERVICE(UPDATE) ALLOW)      
RECKEY ANALYSIS ADD( - UID(UID string for HELPGRP) SERVICE(READ) ALLOW)      
RECKEY ANALYSIS ADD( - UID(UID string for PERFGRP) SERVICE(READ) ALLOW)      
RECKEY OPERATE ADD( - UID(UID string for OPSGRP) SERVICE(UPDATE) ALLOW)      
RECKEY OPERATE ADD( - UID(UID string for HELPGRP) SERVICE(READ) ALLOW)  
RECKEY OPERATE ADD( - UID(UID string for APPLGRP) SERVICE(READ) ALLOW)  
RECKEY OPERATE ADD( - UID(UID string for PERFGRP) SERVICE(READ) ALLOW)  
RECKEY MONITOR ADD( - UID(UID string for APPLGRP) SERVICE(READ) ALLOW)  
RECKEY MONITOR ADD( - UID(UID string for PERFGRP) SERVICE(READ) ALLOW)  
RECKEY BAS ADD( - UID(UID string for OPSGRP) SERVICE(ADD) ALLOW)        
RECKEY BAS ADD( - UID(UID string for APPLGRP) SERVICE(UPDATE) ALLOW)     

F ACF2,REBUILD(OBJ)