OMEGAMON Resource Class Definition From RACF To TSS Equivalent
search cancel

OMEGAMON Resource Class Definition From RACF To TSS Equivalent

book

Article ID: 17391

calendar_today

Updated On:

Products

Top Secret

Issue/Introduction

Authorizing user access requires that the administrator of your external security manager perform the following procedure:

  1. Define the Resource Class name to your security package before function level security is operable. To accommodate the names of all Resources, set the MAXLNTH keyword for the ICHERCDE macro to 24.

  2. Define User access to specific functions.

    The following example shows how to authorize a User (USR1) access to the OMEGAMON II for CICS Task Kill function using RACF:

    RDEFINE nnnnnnnn cicsappl.KC2.KILL.TASK UACC(NONE)
    PERMIT cicsappl.KC2.KILL.TASK CLASS(nnnnnnnn) ID(USR1) ACCESS(READ)

    Where: v nnnnnnnn is the resource class name

    v cicsappl is the CICS APPLID
    v cicsappl.KC2.KILL.TASK is the resource name

What are the Top Secret equivalents?

Resolution

A resource class has to be defined in the Top Secret RDT record. From the RACF information here is how to define it to CA Top Secret:

TSS ADDTO(RDT) RESCLASS(KC2CLASS) ACLST(NONE,READ,ALL) MAXLEN(24) DEFACC(READ)

It should read when entering : TSS LIST(RDT) RESCLASS(KC2CLASS)

ACCESSORID = *RDT*     NAME       = RESOURCE DEFINITIONS                   
                                                                          
 RESOURCE CLASS = KC2CLASS                                                
  RESOURCE CODE = X'027'                                                  
      ATTRIBUTE = NOMASK,MAXOWN(08),MAXPERMIT(024),ACCESS                 
         ACCESS = NONE(0000),READ(4000),ALL(FFFF)                         
         DEFACC = READ                                                    
TSS0300I  LIST     FUNCTION SUCCESSFUL

Other access levels can be specified and other attributes as well.

Here it has been defined with NOMASK. It could be defined with MASK depending if you want masking characters allowed in permits for this resource.

RACF Definition:

RDEFINE nnnnnnnn cicsappl.KC2.KILL.TASK UACC(NONE)

Top Secret Equivalent:

TSS ADD(#dept) KC2CLASS(cicsappl)

RACF Definition:

PERMIT cicsappl.KC2.KILL.TASK CLASS(nnnnnnnn) ID(USR1) ACCESS(READ)

Top Secret Equivalent:

TSS PER(USR1) KC2CLASS(cicsappl.KC2.KILL.TASK)

To prevent access to it for anyone in all modes:

TSS PER(ALL) KC2CLASS(cicsappl.KC2.KILL.TASK) ACCESS(NONE) ACTION(FAIL)
Powered by Wolken Software