OMEGAMON Resource Class Definition From RACF To TSS Definition
search cancel

OMEGAMON Resource Class Definition From RACF To TSS Definition

book

Article ID: 17391

calendar_today

Updated On:

Products

Cleanup Datacom DATACOM - AD CIS COMMON SERVICES FOR Z/OS 90S SERVICES DATABASE MANAGEMENT SOLUTIONS FOR DB2 FOR Z/OS COMMON PRODUCT SERVICES COMPONENT Common Services CA ECOMETER SERVER COMPONENT FOC Easytrieve Report Generator for Common Services INFOCAI MAINTENANCE IPC UNICENTER JCLCHECK COMMON COMPONENT Mainframe VM Product Manager CHORUS SOFTWARE MANAGER CA ON DEMAND PORTAL CA Service Desk Manager - Unified Self Service PAM CLIENT FOR LINUX ON MAINFRAME MAINFRAME CONNECTOR FOR LINUX ON MAINFRAME GRAPHICAL MANAGEMENT INTERFACE WEB ADMINISTRATOR FOR TOP SECRET Xpertware Top Secret Top Secret - LDAP Top Secret - VSE

Issue/Introduction

Description:

Authorizing user access requires that the administrator of your external

security manager perform the following procedure:

  1. Define the Resource Class name to your security package before function level security is operable. To accommodate the names of all Resources, set the MAXLNTH keyword for the ICHERCDE macro to 24.

  2. Define User access to specific functions.

    The following example shows how to authorize a User (USR1) access to the OMEGAMON II for CICS Task Kill function using RACF:

    RDEFINE nnnnnnnn cicsappl.KC2.KILL.TASK UACC(NONE)
    PERMIT cicsappl.KC2.KILL.TASK CLASS(nnnnnnnn) ID(USR1) ACCESS(READ)

    Where: v nnnnnnnn is the resource class name

    v cicsappl is the CICS APPLID
    v cicsappl.KC2.KILL.TASK is the resource name

Solution:

First of all, a resource class has to be defined in the CA Top Secret RDT record.

From the RACF information here is how to define it to CA Top Secret: 


TSS ADDTO(RDT) RESCLASS(KC2CLASS) ACLST(NONE,READ,ALL) MAXLEN(24) DEFACC(READ)

It should read when entering : TSS LIS(RDT) RESCLASS(KC2CLASS) 


ACCESSORID = *RDT*     NAME       = RESOURCE DEFINITIONS                   
                                                                          
 RESOURCE CLASS = KC2CLASS                                                
  RESOURCE CODE = X'027'                                                  
      ATTRIBUTE = NOMASK,MAXOWN(08),MAXPERMIT(024),ACCESS                 
         ACCESS = NONE(0000),READ(4000),ALL(FFFF)                         
         DEFACC = READ                                                    
TSS0300I  LIST     FUNCTION SUCCESSFUL

Other access levels can be specified and other attributes as well.

Here it has been defined with NOMASK. It could be defined with MASK depending if you want masking characters allowed in permits for this resource.

RACF Definition: 


RDEFINE nnnnnnnn cicsappl.KC2.KILL.TASK UACC(NONE)

TSS Definition: 


TSS ADD(#dept) KC2CLASS(cicsappl)

RACF Definition: 


PERMIT cicsappl.KC2.KILL.TASK CLASS(nnnnnnnn) ID(USR1) ACCESS(READ)

TSS Definition: 


TSS PER(USR1) KC2CLASS(cicsappl.KC2.KILL.TASK)

To prevent access to it for anyone in all modes: 


TSS PER(ALL) KC2CLASS(cicsappl.KC2.KILL.TASK) ACCESS(NONE) ACTION(FAIL)

Environment

Release: TOPSEC00200-15-Top Secret-Security
Component:
Powered by Wolken Software