search cancel

Required ACF2 SAFDEFs for SYSB-II Product

book

Article ID: 214683

calendar_today

Updated On:

Products

ACF2 ACF2 - z/OS ACF2 - MISC

Issue/Introduction

The following are required SAFDEFs when implementing SYSB-II in an ACF2 security environment.

Resolution

For dataset security in a batch job, the following SAFDEF is required in order to override an internal SAFDEF for SVC019:

SET CONTROL(GSO) 
INSERT SAFDEF.SYSBII ID(SYSBII) RB(SVC019) RACROUTE(REQUEST=AUTH CLASS=DATASET REQSTOR=SYSBSSSM)

To allow access to functions in the CAFC ISPF Interface, the following SAFDEF is required due to STATUS=ACCESS on the RACROUTE request. This is to assure that the request will be validated without an APF check since the request is more than likely going to come from a non-APF authorized source:

SET CONTROL(GSO) 
INSERT SAFDEF.SYSBII2 ID(SYSBII2) PROGRAM(SYSB-) RB(-) NOAPFCHK RACROUTE(REQUEST=AUTH CLASS=XFACILIT STATUS=ACCESS)

To control file access in the CAFC ISPF Interface, the following SAFDEF is also required due to STATUS=ACCESS on the RACROUTE request:

SET CONTROL(GSO)
INSERT SAFDEF.SYSBII3 ID(SYSBII3) PROGRAM(SYSB-) RB(SYSB-) NOAPFCHK RACROUTE(REQUEST=AUTH,CLASS=DATASET,STATUS=ACCESS)