ACF2 setup commands for ACF2 ACF2 Security Requirements
The following are the ACF2 commands to set up CA Web Viewer 14.0 security.
* Reference: Web Viewer 14.0 Security Requirements
*
* Section: Logging In
* Requirement for Web Application Server Id:
*
SET R(FAC)
RECKEY BPX ADD( SERVER UID(ADD SERVER UID HERE) SERVICE(READ) ALLOW)
F ACF2,REBUILD(FAC)
*
SET R(SUR)
RECKEY BPX ADD( SRV.userid UID(ADD SERVER UID HERE) SERVICE(READ) ALLOW)
F ACF2,REBUILD(SUR)
*
* Requirement for Web Viewer Users:
*
* Note: Web Viewer users require an OMVS segment and READ access to applid OMVSAPPL
* to log in to the product. Please issue a SHOW CLASMAP command in TSO ACF to
* verify whether or not the APPL resource is defined in the GSO. Take note of the 3 character
* type code associated with APPL. If APPL does not appear in the SHOW CLASMAP listing,
* uncomment and run the following commands:
* SET C(GSO)
* INSERT CLASMAP.appl RESOURCE(APPL) RSRCTYPE(APL)
* F ACF2,REFRESH(CLASMAP)
*
* Replace 'APL' with the type code listed in the SHOW CLASMAP output.
SET R(APL)
RECKEY OMVSAPPL ADD( UID(ADD UID HERE) SERVICE(READ) ALLOW)
*
*
* Section: Repository Administrative Authority
* Requirement for Admin:
* Note: Replace 'CHA' with the type code for CHA1VIEW resource listed
* in the SHOW CLASMAP output. If CHA1VIEW is not listed, ACF2 will default
* to the first 3 characters in the resource name which is CHA.
*
SET R(CHA)
RECKEY WEBVWR ADD( ADMIN UID(ADD UID HERE) SERVICE(READ) ALLOW)
*
* Requirement for group admin authority:
*
RECKEY WEBVWR ADD( GROUP.groupname UID(ADD UID HERE) SERVICE(READ) ALLOW)
*
*
* Section: SMF Records
*
SET R(FAC)
RECKEY BPX ADD( SMF UID(ADD WEB SERVER UID HERE) SERVICE(READ) ALLOW)
RECKEY BPX ADD( SMF UID(ADD USER UID HERE) SERVICE(READ) ALLOW)
F ACF2,REBUILD(FAC)
*
*
* Section: Final notes
*
* Note: if type APL or type CHA from Section: Logging In and Section: Repository Administrative Authority
* are included in the GSO INFODIR record, an F ACF2,REBUILD command is required.
* To determine this, issue a TSO ACF SHOW RESIDENT command. In the output it could show up as R-RAPL or R-RCHA.
In some cases it may be necessary to grant all users READ/WRITE/EXEC access to the Deliver and View databases across the ACF2 environment.