IS the an ACF2 equivalent to defining the SERVAUTH class?

book

Article ID: 191652

calendar_today

Updated On:

Products

CA ACF2 CA ACF2 - DB2 Option CA ACF2 for zVM CA ACF2 - z/OS CA ACF2 - MISC

Issue/Introduction

Hi,

  We have been using AT-TLS for quite a while. We started testing IMS Connect and one of the migration/configuration steps is: 
  1. Activate the RACF® SERVAUTH class.????
    1. Issue the following command from TSO:
      1. SETROPTS CLASSACT(SERVAUTH)
    2. Set up InitStack access control:
      1. Define the EZB.INITSTACK.SYSNAME.TCPNAMEprofile for each AT-TLS stack.
      2. Permit administrative applications to use the stack before AT-TLS is initialized.
      3. The following is sample JCL to set up InitStack access control (based on the member EZARACF in sample data set SEZAINST):
SETROPTS RACLIST (SERVAUTH)                                           
SETROPTS CLASSACT(SERVAUTH)                                           
SETROPTS GENERIC (SERVAUTH)                                           
RDEFINE SERVAUTH EZB.INITSTACK.SYSNAME.TCPNAME UACC(NONE)
PERMIT EZB.INITSTACK.SYSNAME.TCPIP CLASS(SERVAUTH) ID(*) ACCESS(READ) -
       WHEN(PROGRAM(PAGENT,EZAPAGEN))                                 
SETROPTS GENERIC(SERVAUTH) REFRESH                                    
SETROPTS RACLIST(SERVAUTH) REFRESH                                    
SETROPTS WHEN(PROGRAM) REFRESH   

Is there an equivalent ACF2 definition?  Is this required even though we've been using AT-TLS for CICS & DB2 and have PAGENT active. I see there is a definition in CAX1JCL0(ACFMFSEC)  definiting it specifically for using with z/OSMF
SET RESOURCE(SER)                                         
RECKEY EZB ADD(INITSTACK.sysname.tcpname ROLE(IZUADMIN) - 
SERVICE(READ) ALLOW)

 Do you see this as a requirement for this particular application even though as I mention other apps are working?  Thanks                                    
                  

Environment

Release : 16.0

Component : CA ACF2 for z/OS

Resolution

ACF2 provides default (internal) CLASMAP records to specify the 3 character ACF2 resource type code.

The ACF2 default for SERVAUTH can be seen by issuing ACF command 'SHOW CLASSMAP':
******** SERVAUTH SER 64 558