ALERT: Some images may not load properly within the Knowledge Base Article. If you see a broken image, please right-click and select 'Open image in a new tab'. We apologize for this inconvenience.

How to grant a logonid access to the ACF2 CHKCERT and LIST keyring commands?

book

Article ID: 212741

calendar_today

Updated On:

Products

ACF2 - z/OS

Issue/Introduction

How can a logonid(lid) be allowed to issue the CHKCERT and LIST keyring commands via ACF2 resource rules?

Environment

Release : 16.0

Component : CA ACF2 for z/OS

Resolution

To grant access to a logonid to allow CHKCERT and LIST keyring commands access to the ACFCMD.DIGTCERT.command resources in the CASECAUT class can be used. The CASECAUT resource class defaults to TYPE(AUT).

To allow a logonid to CHKCERT any certificate access can be granted to resource ACFCMD.DIGTCERT.CHKCERT as follows.

ACF
SET RESOURCE(AUT)
RECKEY ACFCMD ADD( DIGTCERT.CHKCERT UID(logonid) SERVICE(READ,UPDATE,DELETE) ALLOW)
F ACF2,REBUILD(AUT)

To allow a logonid to LIST any Keyring access can be granted to resource ACFCMD.DIGTCERT.LISTRING as follows.

ACF
SET RESOURCE(AUT)
RECKEY ACFCMD ADD( DIGTCERT.LISTRING UID(logonid) SERVICE(READ,UPDATE,DELETE) ALLOW)
F ACF2,REBUILD(AUT)