RACF Commands for Web Viewer 14.0

Article ID: 206898

Products

Output Management Web Viewer

Issue/Introduction

Sample RACF commands are needed to meet the Web Viewer 14.0 security requirements.

Environment

Release : 14.0

Component : Output Management Web Viewer

View

IBM RACF

Resolution

Here are the sample RACF commands for Web Viewer 14.0:

Section: Logging In 

Requirement for Web Application Server Id:

RDEFINE FACILITY BPX.SERVER UACC(NONE)
PERMIT BPX.SERVER CLASS(FACILITY) ID(ADD SERVER UID HERE) ACCESS(READ)
SETR RACLIST(FACILITY) REFRESH
 
RDEFINE SURROGAT BPX.SRV.userid UACC(NONE)
PERMIT BPX.SRV.userid CLASS(SURROGAT) ID(ADD SERVER UID HERE) ACCESS(READ)
SETR RACLIST(SURROGAT) REFRESH 

Requirement for Web Viewer Users:

Note: Web Viewer users require an OMVS segment and READ access to applid OMVSAPPL to log in to the product. 
 
RDEFINE APPL OMVSAPPL UACC(NONE)
PERMIT OMVSAPPL CLASS(APPL) ID(ADD USER UID HERE) ACCESS(READ)
SETR RACLIST(APPL) REFRESH

Section: Repository Administrative Authority

Requirement for Admin:

RDEFINE CHA1VIEW WEBVWR.ADMIN UACC(NONE)
PERMIT WEBVWR.ADMIN CLASS(CHA1VIEW) ID(ADD USER UID HERE) ACCESS(READ)
SETR RACLIST(CHA1VIEW) REFRESH

Requirement for group admin authority:

RDEFINE CHA1VIEW WEBVWR.GROUP.groupname UACC(NONE)
PERMIT WEBVWR.GROUP.groupname CLASS(CHA1VIEW) ID(ADD GROUP NAME HERE) ACCESS(READ)
SETR RACLIST(CHA1VIEW) REFRESH

Section: SMF Records

RDEFINE FACILITY BPX.SMF UACC(NONE)
PERMIT BPX.SMF CLASS(FACILITY) ID(ADD SERVER UID HERE) ACCESS(READ)
PERMIT BPX.SMF CLASS(FACILITY) ID(ADD USER UID HERE) ACCESS(READ)
SETR RACLIST(FACILITY) REFRESH

Additional Information

Also, please see the section "RACF Security Requirements" in the online documentation for Web Viewer 14.0 for additional RACF requirements.

Web Viewer r14 uses the SURROGAT facility to log on as the user. The STC acid must have BPX.SERVER access and BPX.SRV.userid access as listed in the documentation.
For the SURROGAT facility, RACF requires that both the STC acid and the logged-in user have access to any resources.
That’s meant to be covered by the following note in the documentation:
RACF requires that both the logged in user and the id (ACID) of the web application server have access to CA View repositories and reports.

CHA1VIEW is the class that View uses for its resource calls, so please refer to "Implementing External Security for RACF" in the View manual for that information.
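
A pre-submission check for a command file built from the samples above, as an added example that is not part of the original article or the product: it flags placeholders left unreplaced (ID(ADD ... HERE), .userid, .groupname), an RDEFINE without UACC(NONE), and any class that was changed without a following SETR RACLIST refresh. The function name lint and the user ID WVUSER1 are assumptions made for illustration.

```python
import re

# Placeholders exactly as they appear in the sample commands on this page.
PLACEHOLDER = re.compile(r"ID\((ADD [A-Z ]+ HERE)\)|\.(userid|groupname)\b")
CHANGE = re.compile(r"^(RDEFINE)\s+(\w+)\s+\S+|^PERMIT\s+\S+\s+CLASS\((\w+)\)", re.I)
REFRESH = re.compile(r"^SETR(?:OPTS)?\s+RACLIST\((\w+)\)\s+REFRESH$", re.I)


def lint(script):
    """Return (line_no, message) findings for a RACF command script."""
    findings, pending = [], {}  # pending: class -> first unrefreshed change
    for no, raw in enumerate(script.splitlines(), 1):
        line = raw.strip()
        for m in PLACEHOLDER.finditer(line):
            findings.append((no, "unreplaced placeholder: " + (m.group(1) or m.group(2))))
        refresh = REFRESH.match(line)
        if refresh:
            pending.pop(refresh.group(1).upper(), None)
            continue
        change = CHANGE.match(line)
        if change:
            pending.setdefault((change.group(2) or change.group(3)).upper(), no)
            if change.group(1) and "UACC(NONE)" not in line.upper():
                findings.append((no, "RDEFINE without UACC(NONE)"))
    for cls, no in sorted(pending.items(), key=lambda kv: kv[1]):
        findings.append((no, "class %s changed but never refreshed" % cls))
    return findings


# Constructed input: WVUSER1 is a made-up user ID, not a value from the article.
SAMPLE = """\
RDEFINE FACILITY BPX.SERVER UACC(NONE)
PERMIT BPX.SERVER CLASS(FACILITY) ID(ADD SERVER UID HERE) ACCESS(READ)
SETR RACLIST(FACILITY) REFRESH
RDEFINE APPL OMVSAPPL UACC(NONE)
PERMIT OMVSAPPL CLASS(APPL) ID(WVUSER1) ACCESS(READ)
RDEFINE CHA1VIEW WEBVWR.GROUP.groupname UACC(NONE)
SETR RACLIST(CHA1VIEW) REFRESH
"""

if __name__ == "__main__":
    for no, msg in lint(SAMPLE):
        print("line %d: %s" % (no, msg))
```

A refresh line with trailing text fused onto it is not counted as a refresh, so the affected class is reported as never refreshed.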