Translate RACF commands to ACF2 for Data Provider (CDP) implementation.
Release : 16.0
Component : CA ACF2 for z/OS
Below are the ACF2 equivalents of the RACF requirements for Data Provider (CDP).
STC Name    STC Description                          OMVS segment home dir
----------  ---------------------------------------  ---------------------
*HBODSPRO   CDP's Data Streamer started task         /U/hbodspro
ACF
SET LID
INSERT HBODSPRO GROUP(OMVSGRP) UID(111) HOME(/U/hbodspro) -
OMVSPGM(/bin/sh) STC
-----------------------------------------------------------------
*HBOPROC    CDP's Log Forwarder started task         /U/hboproc
ACF
SET LID
INSERT HBOPROC GROUP(OMVSGRP) UID(111) HOME(/U/hboproc) -
OMVSPGM(/bin/sh) STC
-----------------------------------------------------------------
*HBOSMF     CDP's System Data Engine started task    /U/hbosmf
ACF
SET LID
INSERT HBOSMF GROUP(OMVSGRP) UID(111) HOME(/U/hbosmf) -
OMVSPGM(/bin/sh) STC
----------------------------------------------------------------------------------------
*ADDUSER HBOLGF DFLTGRP(OMVS) NOPASSWORD OMVS(UID(111) -
HOME('/U/hbolgf'))
ACF
SET LID
INSERT HBOLGF GROUP(OMVSGRP) UID(111) HOME(/U/hbolgf) -
OMVSPGM(/bin/sh) STC
-----------------------------------------------------------------------------------------
/* RDEFINE define protected resources */
There is no translation for this in CA ACF2. CA ACF2 uses a default
protection scheme, which assumes that the resource is protected.
This default scheme requires that rules be written to allow access
to a resource.
RDEFINE STARTED HBOPROC.* STDATA(USER(HBOLGF))
RDEFINE STARTED HBOSMF.* STDATA(USER(HBOLGF))
RDEFINE STARTED HBODSPRO.* STDATA(USER(HBOLGF))
RDEFINE FACILITY BPX.CONSOLE UACC(NONE)
RDEF FACILITY IFASMF.SMFDFLT.INMEM
----------------------------------------------------------------------------------------------
/* PERMIT access to a resource */
/* PERMIT BPX.CONSOLE CLASS(FACILITY) ID(HBOLGF) ACCESS(READ)
ACF
SET R(FAC)
RECKEY BPX ADD(CONSOLE UID(uid-for-hbolgf) SERVICE(READ) ALLOW)
/* PERMIT IFASMF.SMFDFLT.INMEM CLASS(FACILITY) ACCESS(READ) ID(HBOLGF)
ACF
SET R(FAC)
RECKEY IFASMF ADD(SMFDFLT.INMEM UID(uid-for-hbolgf) SERVICE(READ) ALLOW)
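The two PERMIT translations above follow one pattern: the first qualifier of the resource name becomes the RECKEY key and the remaining qualifiers go inside ADD(...). The script below is an added example, not part of the original article or of any CA ACF2 tooling, that applies that pattern and refuses anything the article does not cover. The function name, the uid_string parameter and the TYPE_CODES table are assumptions made for illustration.

```python
import re

# Assumption: only the class -> ACF2 type code mapping shown on the page.
TYPE_CODES = {"FACILITY": "FAC"}

PERMIT_RE = re.compile(r"^\s*PERMIT\s+(\S+)\s+(.*)$", re.IGNORECASE)
OPERAND_RE = re.compile(r"(\w+)\s*\(\s*([^)]*?)\s*\)")


def permit_to_acf2(permit: str, uid_string: str) -> list:
    """Translate one RACF PERMIT into the ACF2 command sequence used on the page.

    uid_string is the ACF2 UID string for the logonid named in ID(); it is
    site-specific, so the caller supplies it (hypothetical parameter).
    """
    m = PERMIT_RE.match(permit)
    if not m:
        raise ValueError(f"not a PERMIT command: {permit!r}")
    resource = m.group(1).upper()
    # Operands can come in any order (the page's two PERMITs differ).
    ops = {k.upper(): v.upper() for k, v in OPERAND_RE.findall(m.group(2))}
    if "ID" not in ops:
        raise ValueError("PERMIT has no ID() operand")
    type_code = TYPE_CODES.get(ops.get("CLASS", ""))
    if type_code is None:
        raise ValueError(f"no type code known for CLASS({ops.get('CLASS')})")
    # Fail closed: only READ is translated on the page; other levels need review.
    if ops.get("ACCESS") != "READ":
        raise ValueError(f"ACCESS({ops.get('ACCESS')}) needs manual translation")
    # First qualifier becomes the rule key, the remainder the extended key.
    key, _, ext = resource.partition(".")
    if not ext:
        raise ValueError("single-qualifier resource name: translate by hand")
    return [
        "ACF",
        f"SET R({type_code})",
        f"RECKEY {key} ADD({ext} UID({uid_string}) SERVICE(READ) ALLOW)",
    ]


if __name__ == "__main__":
    # The two RACF PERMITs from the page; the UID string is a placeholder.
    for cmd in (
        "PERMIT BPX.CONSOLE CLASS(FACILITY) ID(HBOLGF) ACCESS(READ)",
        "PERMIT IFASMF.SMFDFLT.INMEM CLASS(FACILITY) ACCESS(READ) ID(HBOLGF)",
    ):
        print("\n".join(permit_to_acf2(cmd, "uid-for-hbolgf")), end="\n\n")
```

Replace the placeholder UID string with the real UID string of the HBOLGF logonid before issuing the generated commands.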
-----------------------------------------------------------------------------------------------
To refresh resource rules that are globally resident, CA ACF2 uses the
F ACF2,REBUILD(typ) command, where typ is the resource type code (FAC in the rules above).
For locally resident rules, the SETNORUL command releases the old copies
of rules in an address space forcing the address space to acquire new copies.
/* SETROPTS RACLIST(OPERCMDS) REFRESH
/* SETROPTS RACLIST(FACILITY) REFRESH
F ACF2,REBUILD(typ)
/* SETROPTS RACLIST(STARTED) REFRESH
/* SETROPTS GENERIC(STARTED) REFRESH
F ACF2,REFRESH(STC)
-----------------------------------------------------------------------------------------------
There is some ambiguity in the requested translation from RACF.
It is unclear whether all three STCs (HBODSPRO, HBOPROC and HBOSMF), along with their OMVS segments and home directories,
will be used, or whether HBOLGF is the primary ID, as the following suggests:
/* RDEFINE STARTED HBOPROC.* STDATA(USER(HBOLGF))
/* RDEFINE STARTED HBOSMF.* STDATA(USER(HBOLGF))
/* RDEFINE STARTED HBODSPRO.* STDATA(USER(HBOLGF))
*** There is no translation in ACF2 for the above; however, the same result can be achieved with a GSO STC record that assigns all three started tasks to one logonid.
This will mirror the RDEFINE statements above.
- sample GSO / STC record build -
ACF
SET C(GSO)
INSERT STC.CPQ LOGONID(HBOLGF) STCID(HBO-)
(F ACF2,REFRESH is needed to activate changes to the GSO records.)
However, you need to ascertain which OMVS segment and home directory will be used for userid HBOLGF and modify these in the HBOLGF userid record.