OMEGAMON Resource Class Definition From RACF To TSS Definition

Article ID: 17391

Products

CA Cleanup CA Datacom - DB CA Datacom CA Datacom - AD CA Datacom - Server CA CIS CA Common Services for z/OS CA 90s Services CA Database Management Solutions for DB2 for z/OS CA Common Product Services Component CA Common Services CA Datacom/AD CA ecoMeter Server Component FOC CA Easytrieve Report Generator for Common Services CA Infocai Maintenance CA IPC Unicenter CA-JCLCheck Common Component CA Mainframe VM Product Manager CA Chorus Software Manager CA On Demand Portal CA Service Desk Manager - Unified Self Service CA PAM Client for Linux for zSeries CA Mainframe Connector for Linux on System z CA Graphical Management Interface CA Web Administrator for Top Secret CA CA- Xpertware CA Top Secret CA Top Secret - LDAP CA Top Secret - VSE

Issue/Introduction

Description:

Authorizing user access requires that the administrator of your external security manager perform the following procedure:

  1. Define the Resource Class name to your security package before function level security is operable. To accommodate the names of all Resources, set the MAXLNTH keyword for the ICHERCDE macro to 24.

  2. Define User access to specific functions.

    The following example shows how to authorize a User (USR1) access to the OMEGAMON II for CICS Task Kill function using RACF:

    RDEFINE nnnnnnnn cicsappl.KC2.KILL.TASK UACC(NONE)
    PERMIT cicsappl.KC2.KILL.TASK CLASS(nnnnnnnn) ID(USR1) ACCESS(READ)

    Where:

    - nnnnnnnn is the resource class name
    - cicsappl is the CICS APPLID
    - cicsappl.KC2.KILL.TASK is the resource name

Solution:

First, a resource class has to be defined in the CA Top Secret RDT record.

Based on the RACF information above, define it to CA Top Secret as follows:


TSS ADDTO(RDT) RESCLASS(KC2CLASS) ACLST(NONE,READ,ALL) MAXLEN(24) DEFACC(READ) 

Entering TSS LIS(RDT) RESCLASS(KC2CLASS) should then display:


ACCESSORID = *RDT*     NAME       = RESOURCE DEFINITIONS                   
                                                                          
 RESOURCE CLASS = KC2CLASS                                                
  RESOURCE CODE = X'027'                                                  
      ATTRIBUTE = NOMASK,MAXOWN(08),MAXPERMIT(024),ACCESS                 
         ACCESS = NONE(0000),READ(4000),ALL(FFFF)                         
         DEFACC = READ                                                    
TSS0300I  LIST     FUNCTION SUCCESSFUL        

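Other access levels and other attributes can be specified as well. DEFACC(READ) is the access level assigned to a permit that does not specify ACCESS, which is why the TSS PER(USR1) command below grants READ.

Here the class has been defined with NOMASK. It could instead be defined with MASK, depending on whether you want masking characters to be allowed in permits for this resource.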

RACF Definition:


RDEFINE nnnnnnnn cicsappl.KC2.KILL.TASK UACC(NONE) 

TSS Definition:


TSS ADD(#dept) KC2CLASS(cicsappl) 

RACF Definition:


PERMIT cicsappl.KC2.KILL.TASK CLASS(nnnnnnnn) ID(USR1) ACCESS(READ) 

TSS Definition:


TSS PER(USR1) KC2CLASS(cicsappl.KC2.KILL.TASK) 

To deny access to this resource for everyone, in all modes:


TSS PER(ALL) KC2CLASS(cicsappl.KC2.KILL.TASK) ACCESS(NONE) ACTION(FAIL)
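The RACF-to-TSS mapping above, applied to whole command lines, as an added Python example (not CA code and not part of the original article). The function name `translate` is hypothetical, the limits are copied from the KC2CLASS listing above, and unlike the article's TSS PER command it writes ACCESS explicitly instead of relying on DEFACC; it accepts only the two RACF command shapes the article shows.

```python
import re

# Values taken from the article's TSS LIS(RDT) output for KC2CLASS.
TSS_CLASS = "KC2CLASS"
ACLST = {"NONE", "READ", "ALL"}   # ACCESS = NONE(0000),READ(4000),ALL(FFFF)
MAXOWN, MAXPERMIT = 8, 24         # MAXOWN(08), MAXPERMIT(024)

RDEFINE = re.compile(r"^RDEFINE\s+(\S+)\s+(\S+)\s+UACC\((\w+)\)$", re.I)
PERMIT = re.compile(
    r"^PERMIT\s+(\S+)\s+CLASS\((\S+)\)\s+ID\((\S+)\)\s+ACCESS\((\w+)\)$", re.I)


def translate(racf_line, owner="#dept"):
    """Return the TSS command for one RACF command, following the article's mapping.

    owner is the owning ACID; "#dept" is the placeholder used in the article.
    Raises ValueError for anything the KC2CLASS definition would not accept.
    """
    line = racf_line.strip()
    m = RDEFINE.match(line)
    if m:
        _cls, resource, uacc = m.groups()
        if uacc.upper() != "NONE":
            raise ValueError(f"UACC({uacc}) is not covered by the article's mapping")
        prefix = resource.split(".")[0]  # the article owns the first qualifier
        if len(prefix) > MAXOWN:
            raise ValueError(f"ownership prefix {prefix!r} exceeds MAXOWN({MAXOWN})")
        return f"TSS ADD({owner}) {TSS_CLASS}({prefix})"
    m = PERMIT.match(line)
    if m:
        resource, _cls, user, access = m.groups()
        access = access.upper()
        if access not in ACLST:  # e.g. RACF UPDATE has no level in this ACLST
            raise ValueError(f"ACCESS({access}) is not in ACLST for {TSS_CLASS}")
        if len(resource) > MAXPERMIT:
            raise ValueError(f"{resource!r} exceeds MAXPERMIT({MAXPERMIT})")
        return f"TSS PER({user}) {TSS_CLASS}({resource}) ACCESS({access})"
    raise ValueError(f"unrecognised RACF command: {line!r}")


if __name__ == "__main__":
    # The two RACF commands from the article, used as sample input.
    for cmd in ("RDEFINE nnnnnnnn cicsappl.KC2.KILL.TASK UACC(NONE)",
                "PERMIT cicsappl.KC2.KILL.TASK CLASS(nnnnnnnn) ID(USR1) ACCESS(READ)"):
        print(translate(cmd))
```

Commands that fall outside ACLST, MAXOWN or MAXPERMIT raise an error rather than being translated, so they can be reviewed by hand before anything is entered in TSS.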

Environment

Release: TOPSEC00200-15-Top Secret-Security