TAMz Elevated access for OMVS

Article ID: 208282

Products

CA Trusted Access Manager for Z

Issue/Introduction

How TAMz elevations can change UID/GID for OMVS to allow access.

An elevated user tries to write to a file as its owner, but OMVS checks that user's UID and does not allow access.

Environment

Release : 1.1

Component : CCS390 - CA COMMON SERVICES FOR Z/OS

Resolution

TAMz will not allow switching to the user's UID in OMVS. However, TAMz will allow you to add GIDs to a user. If you write a BPX.SRV SURROGAT resource to the end users, TAMz can elevate to the GID.

You can then change the access permissions on the Unix file to 775, allowing group access, and the user should now be able to write to that file.

Steps to take:

  • Create a user with a specific UID
  • Define a SURROGAT
  • Permit a RACF group rule to switch to that user without a password
  • Use TAMz to elevate the user to the new group. This will allow the user to switch users in OMVS with su -s LID
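
The RACF side of the first three steps could look like the REXX exec below. It is an added example, not part of the original article or of TAMz. The names APPOWN (the user that owns the file) and ELEVGRP (the group TAMz elevates into), the UID 5001 and the home path are hypothetical placeholders, and ELEVGRP is assumed to exist already.

```rexx
/* REXX: added example; APPOWN, ELEVGRP, UID 5001 and /u/appown are   */
/* hypothetical placeholders. Run by a RACF administrator under TSO.  */
owner = 'APPOWN'
group = 'ELEVGRP'
uid   = 5001

/* Step 1: create the user with a specific UID. NOPASSWORD makes it a */
/* protected ID, so nobody can log on to it directly.                 */
call racf "ADDUSER" owner "NOPASSWORD",
          "OMVS(UID("uid") HOME('/u/appown') PROGRAM('/bin/sh'))"

/* Step 2: define the SURROGAT profile that guards su -s to this user.*/
/* UACC(NONE) means nobody can switch until explicitly permitted.     */
call racf "RDEFINE SURROGAT BPX.SRV."owner "UACC(NONE)"

/* Step 3: permit the group, not individual users. Only members of    */
/* the group can then switch to the user without a password.          */
call racf "PERMIT BPX.SRV."owner "CLASS(SURROGAT) ID("group") ACCESS(READ)"

/* Refresh in-storage profiles; this applies when the SURROGAT class  */
/* is RACLISTed on the system.                                        */
call racf "SETROPTS RACLIST(SURROGAT) REFRESH"

/* Step 4 is done in TAMz (elevating the user into the group) and is  */
/* not shown because its syntax is not given in the article. Once     */
/* elevated, the user runs in the OMVS shell:  su -s APPOWN           */
exit 0

/* Issue one TSO command and stop at the first failure. */
racf: procedure
  parse arg cmd
  address TSO cmd
  if rc <> 0 then do
    say 'RC' rc 'from:' cmd
    exit rc
  end
  return
```

Because the permit names only the group, access to the surrogate user lasts only while the TAMz elevation keeps the user in that group.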