ACF2 syntax for Datacom DTSUTIL Resources

book

Article ID: 196251

calendar_today

Updated On:

Products

CA ACF2 CA ACF2 - z/OS CA ACF2 - MISC

Issue/Introduction

What is the ACF2 rule syntax to grant authorization to  DTUTIL resources BACKUP.CXX , INIT.CXX and LOAD.CXX  to a userid(logonid). 
 
 

Environment

Release : 16.0

Component : ACF2-MVS, DATACOM 15.1

Resolution

There is a section in the Datacom documentation that provides sample ACF2 rules for the DTSUTIL resources.

CA Datacom/AD 15.1 / CA Datacom Security in CA 7 / ACF2 / DTU :

DTU 

The DTU resource type is used to identify user access to DBUTLTY which is the base utility that performs reporting and maintenance for the CA Datacom environment.

The DTU resource type is used to identify CA Datacom product utility functions and the users who are allowed to execute them. Each resource in the DTU type represents one CA Datacom product function. The resource format varies within and for each of the three products it supports.

Sample for setting Systems Programmer and user access (Backup and SPILL jobs) to the DTU Resource type:

ACF
SET RESOURCE(DTU)
RECKEY cxxname ADD(- UID(spguid) ALLOW)
RECKEY cxxname ADD(- UID(bkupid) ALLOW) 
 
Note BKUPID does not need access to DCT to perform backups or spills.

Valid DTSUTIL Resources related to BACKUP, INIT and LOAD
BACKUP.CXX    
BACKUP.DATA
INIT.CXX    
INIT.DATA 
INIT.IXX 
INIT.LXX    
INIT.WXX    
LOAD.CXX    
LOAD.CXXBASE 
LOAD.DATA 

Sample Rules

ACF
SET RESOURCE(DTU)
RECKEY BACKUP ADD(- UID(spguid) ALLOW)
RECKEY INIT ADD(- UID(bkupid) ALLOW)
RECKEY LOAD ADD(- UID(bkupid) ALLOW)

For addition Datacom DTSUTIL resources see section: "DBUTLTY Resource List" in the Datacom Documentation.