RACF Commands for Web Viewer 14.0

book

Article ID: 206898

calendar_today

Updated On:

Products

CA Output Management Web Viewer

Issue/Introduction

Need RACF Sample Web Viewer 14.0 Security Requirements 

 

 

Environment

Release : 14.0

Component : CA Output Management Web Viewer

IBM RACF

Resolution

Here are the sample RACF commands for Web Viewer 14.0:

Section: Logging In 

Requirement for Web Application Server Id:

RDEFINE FACILITY BPX.SERVER UACC(NONE)
PERMIT BPX.SERVER CLASS(FACILITY) ID(ADD SERVER UID HERE) ACCESS(READ)
SETR RACLIST(FACILITY) REFRESH
 
RDEFINE SURROGAT SRV.userid UACC(NONE)
PERMIT SRV.userid CLASS(SURROGAT) ID(ADD SERVER UID HERE) ACCESS(READ)
SETR RACLIST(SURROGAT) REFRESH 

Requirement for Web Viewer Users:

Note: Web Viewer users require an OMVS segment and READ access to applid OMVSAPPL to log in to the product. 
 
RDEFINE APPL OMVSAPPL UACC(NONE)
PERMIT OMVSAPPL CLASS(APPL) ID(ADD USER UID HERE) ACCESS(READ)
SETR RACLIST(APPL) REFRESHSection: Repository Administrative Authority

Requirement for Admin:

RDEFINE CHA1VIEW WEBVWR.ADMIN UACC(NONE)
PERMIT WEBVWR.ADMIN CLASS(CHA1VIEW) ID(ADD USER UID HERE) ACCESS(READ)
SETR RACLIST(CHA1VIEW) REFRESH

Requirement for group admin authority:

RDEFINE CHA1VIEW WEBVWR.GROUP.groupname UACC(NONE)
PERMIT WEBVWR.GROUP.groupname CLASS(CHA1VIEW) ID(ADD GROUP NAME HERE) ACCESS(READ)
SETR RACLIST(CHA1VIEW) REFRESH

Section: SMF Records

RDEFINE FACILITY BPX.SMF UACC(NONE)
PERMIT BPX.SMF CLASS(FACILITY) ID(ADD SERVER UID HERE) ACCESS(READ)
PERMIT BPX.SMF CLASS(FACILITY) ID(ADD USER UID HERE) ACCESS(READ)
SETR RACLIST(FACILITY) REFRESH

Additional Information

Also please see the section Security Requirements in the online documentation for Web Viewer 14.0 for additional RACF requirements.

Web Viewer r14 uses the SURROGAT facility to logon as the user.  The STC acid must have BPX.SEFVER access and BPX.SRV.userid access as listed in the documentation.
For the SURROGAT facility RACF requires that both the STC acid and the logged in user have access to any resources.
That’s meant to be covered by the following note in the documentation:
RACF requires that both the logged in user and the id (ACID) of the web application server have access to CA View repositories and reports.

CHA1VIEW is the class that is used by View for the resource calls - so please refer to the External Security Section of the CA View manual for that information.

Powered by Wolken Software