How do I setup Resource rules for the CPSMOBJ Resource Class which controls access to CICSPlex SM resources?
The resource class CPSMOBJ controls access to CICSPlex SM resources.
The resource class CPSMOBJ default to TYPE(SAF). Generally sites will map new resource classes to a unique type code to facilitate resource rule management since writing rules for multiple products/applications under the same TYPE(SAF) can be confusing.
The following ACF2 commands can be used to map the CPSMOBJ resouce to a unique TYPE code. Note that you can use any unique three character TYPE code that fits your site's standards.
ACF
SET CONTROL(GSO)
INSERT CLASMAP.CPSMOBJ RESOURCE(CPSMOBJ) RSRCTYPE(OBJ) ENTITYLN(44)
F ACF2,REFRESH(CLASMAP)
SET C(GSO)
CHANGE INFODIR TYPES(R-ROBJ) ADD
F ACF2,REFRESH(INFODIR)
ACF2 Resource rules that are equivalent to the RACF PERMITs follow.
ACF
SET RESOURCE(OBJ)
RECKEY ******** ADD(- UID(UID string for SYSPGRP) SERVICE(READ) ALLOW)
RECKEY BAS ADD( - UID(UID string for SYSPGRP) SERVICE(ADD) ALLOW)
RECKEY TOPOLOGY ADD( - UID(UID string for OPSGRP) SERVICE(UPDATE) ALLOW)
RECKEY TOPOLOGY ADD( - UID(UID string for HELPGRP) SERVICE(READ) ALLOW)
RECKEY ANALYSIS ADD( - UID(UID string for OPSGRP) SERVICE(UPDATE) ALLOW)
RECKEY ANALYSIS ADD( - UID(UID string for HELPGRP) SERVICE(READ) ALLOW)
RECKEY ANALYSIS ADD( - UID(UID string for PERFGRP) SERVICE(READ) ALLOW)
RECKEY OPERATE ADD( - UID(UID string for OPSGRP) SERVICE(UPDATE) ALLOW)
RECKEY OPERATE ADD( - UID(UID string for HELPGRP) SERVICE(READ) ALLOW)
RECKEY OPERATE ADD( - UID(UID string for APPLGRP) SERVICE(READ) ALLOW)
RECKEY OPERATE ADD( - UID(UID string for PERFGRP) SERVICE(READ) ALLOW)
RECKEY MONITOR ADD( - UID(UID string for APPLGRP) SERVICE(READ) ALLOW)
RECKEY MONITOR ADD( - UID(UID string for PERFGRP) SERVICE(READ) ALLOW)
RECKEY BAS ADD( - UID(UID string for OPSGRP) SERVICE(ADD) ALLOW)
RECKEY BAS ADD( - UID(UID string for APPLGRP) SERVICE(UPDATE) ALLOW)
F ACF2,REBUILD(OBJ)