search cancel

Defining IBM Workload Scheduler z/OS to Top Secret

book

Article ID: 215031

calendar_today

Updated On:

Products

Top Secret

Issue/Introduction

Defining IBM workload scheduler to Top Secret?  Particularly in the area of FACILTY definition.  

Environment

Release : 16.0

Component : CA Top Secret for z/OS

Resolution

RACF convert to TSS cmds for Tivoli Workload Scheduler (TWS).

The Facility  a rename a predefined USER facility (there are 222 of them:

 FACILITY(USERnn=NAME=TWS)
 FACILITY(TWS=ID=TW)
 FACILITY(TWS=PGM=xxx)
 FACILITY(TWS=RES)

FACILITY(USERnn=NAME=TWS)
 where 'nn' is the number of a USERnn facility not in use (ie USER25).
 FACILITY(TWS=ID=TW)
 FACILITY(TWS=PGM=xxx)
 where 'xxx' is the first 3 letters of the program that starts TWS.
 FACILITY(TWS=RES)

Define the AUTHDEF RESCLASS to TOP SECRET
 -----------------------------------------
 
 TSS ADD(RDT) RESCLASS(AUTHDEF) ACLST(READ,UPDATE,ALL)
     ATTR(GENERIC,LONG,MASK) DEFACC(READ) MAXLEN(44)
 
 Define TWS resource to TOP SECRET as protected.
 ------------------------------------------------
 
 Here is the first page of your table converted to TSS commands.
 
 TSS ADD(owningacid) AUTHDEF(OPC1)
 TSS ADD(owningacid) AUTHDEF(OPT1)
 TSS ADD(owningacid) AUTHDEF(AD)
 TSS ADD(owningacid) AUTHDEF(BKP)
 TSS ADD(owningacid) AUTHDEF(CL)
 TSS ADD(owningacid) AUTHDEF(CMAC)
 TSS ADD(owningacid) AUTHDEF(CP)
 TSS ADD(owningacid) AUTHDEF(ETT)
 TSS ADD(owningacid) AUTHDEF(EXEC)
 TSS ADD(owningacid) AUTHDEF(JS)
 ....
 ....
 ....
 
 Authoized PROFILES to TWS resources.
 -------------------------------------

 TSS PER(OPCPROD) AUTHDEF(CPO.DNV) ACC(UPDATE)
 TSS PER(OPCSUPT) AUTHDEF(CPO.DNV) ACC(UPDATE)
 
 TSS PER(OPCPROD) AUTHDEF('ETT') ACC(UPDATE)
 TSS PER(OPCSUPT) AUTHDEF('ETT') ACC(UPDATE)
 
 TSS PER(OPCSUPT) AUTHDEF('EXEC') ACC(UPDATE)
 TSS PER(OPCPROD) AUTHDEF('EXEC') ACC(UPDATE)
 TSS PER(OPCSUPT) AUTHDEF('EXEC') ACC(UPDATE)
 
 TSS PER(OPCSUPT) AUTHDEF('JS') ACC(UPDATE)
 TSS PER(OPCPROD) AUTHDEF('JS') ACC(UPDATE)
 TSS PER(OPCSUPT) AUTHDEF('JS') ACC(UPDATE)
 TSS PER(OPCSUPT) AUTHDEF(JS.OWNER) ACC(UPDATE)
 TSS PER(OPCPROD) AUTHDEF(JS.OWNER) ACC(UPDATE)
 TSS PER(OPCSUPT) AUTHDEF(JS.OWNER) ACC(UPDATE)
 
 TSS PER(OPCSUPT) AUTHDEF(JSO.D) ACC(UPDATE)
 TSS PER(OPCPROD) AUTHDEF(JSO.D) ACC(UPDATE)
 TSS PER(OPCSUPT) AUTHDEF(JSO.D) ACC(UPDATE)

 

 TSS PER(OPCREAD) AUTHDEF(OPC1) ACC(READ)
 TSS PER(OPCOPER) AUTHDEF(OPC1) ACC(READ)
 TSS PER(OPCPROD) AUTHDEF(OPC1) ACC(READ)
 TSS PER(OPCSUPT) AUTHDEF(OPC1) ACC(READ)
 TSS PER(OPCREAD) AUTHDEF(OPT1) ACC(READ)
 TSS PER(OPCOPER) AUTHDEF(OPT1) ACC(READ)
 TSS PER(OPCPROD) AUTHDEF(OPT1) ACC(READ)
 TSS PER(OPCSUPT) AUTHDEF(OPT1) ACC(READ)
 
 TSS PER(OPCPROD) AUTHDEF('AD') ACC(UPDATE)
 TSS PER(OPCSUPT) AUTHDEF('AD') ACC(UPDATE)
 TSS PER(OPCPROD) AUTHDEF(AD.OWNER) ACC(UPDATE)
 TSS PER(OPCSUPT) AUTHDEF(AD.OWNER) ACC(UPDATE)
 
 TSS PER(OPCPROD) AUTHDEF(ADO.DNV) ACC(UPDATE)
 TSS PER(OPCSUPT) AUTHDEF(ADO.DNV) ACC(UPDATE)
 
 TSS PER(OPCPROD) AUTHDEF(BKP) ACC(UPDATE)
 TSS PER(OPCSUPT) AUTHDEF(BKP) ACC(UPDATE)
 
 TSS PER(OPCPROD) AUTHDEF(CL) ACC(UPDATE)
 TSS PER(OPCSUPT) AUTHDEF(CL) ACC(UPDATE)
 
 TSS PER(OPCSUPT) AUTHDEF(CMAC) ACC(UPDATE)
 TSS PER(OPCPROD) AUTHDEF(CMAC) ACC(UPDATE)
 TSS PER(OPCSUPT) AUTHDEF(CMAC) ACC(UPDATE)
 
 TSS PER(OPCSUPT) AUTHDEF('CP') ACC(UPDATE)
 TSS PER(OPCPROD) AUTHDEF('CP') ACC(UPDATE)
 TSS PER(OPCSUPT) AUTHDEF('CP') ACC(UPDATE)
 TSS PER(OPCSUPT) AUTHDEF(CPO.DNV) ACC(UPDATE)
 TSS PER(OPCPROD) AUTHDEF(CPO.DNV) ACC(UPDATE)