ACF2 Command Translation for Omegamon v5.5 RACF commands
Article ID: 217333
Updated On:
Products
Issue/Introduction
ACF2 setup commands for IBM Omegamon v5.5
Resolution
The following are the ACF2 equivalent commands for the RACF commands for IBM Omegamon v5.5
* 4. Define a SAF general resource named $KOBSEC
* The SAF general resource class must have the following CDT characteristics (DCT entry values):
* CASE(UPPER)
* FIRST(ALPHA,NATIONAL)
* OTHER(ALPHA,SPECIAL,NUMERIC,NATIONAL)
* MAXLENGTH(246)
* MAXLENX(246)
* KEYQUALIFIERS(0)
* PROFILESALLOWED(YES)
* GENERIC(ALLOWED)
* RACLIST(REQUIRED)
*
*
* ACF
SET CONTROL(GSO)
INSERT CLASMAP.$KOBSEC ENTITYLN(246) MUSID() RESOURCE($KOBSEC) RSRCTYPE(KOB)
CHANGE INFODIR TYPES(R-RKOB) ADD
F ACF2,REFRESH(CLASMAP)
F ACF2,REFRESH(INFODIR)
*
*
* 5. Define LOGON profiles to control access to the interface:
* RDEFINE $KOBSEC KOB.LOGON.** UACC(NONE)
* RDEFINE $KOBSEC O4SRV.** UACC(NONE)
* RDEFINE $KOBSEC KOBUI.** UACC(NONE)
* RDEFINE $KOBSEC KOBUI.USER.** UACC(NONE)
* RDEFINE $KOBSEC KOBUI.ADMIN.** UACC(NONE)
* RDEFINE $KOBSEC KOBUI.ADMIN.USEHUB.* UACC(NONE)
* RDEFINE $KOBSEC KOBUI.ADMIN.SITEDITOR UACC(NONE)
* RDEFINE $KOBSEC KOBUI.ADMIN.OBJECTEDITOR UACC(NONE)
* RDEFINE $KOBSEC SYSTEM.** UACC(NONE)
*
* 6. Define Take Action profiles to control access to data actions:
* RDEFINE $KOBSEC KM5.**.TAKEACTION UACC(NONE)
*
* 7. Define query profiles to control access to data sources:
* RDEFINE $KOBSEC KM5.** UACC(NONE)
*
*
* 5-7 are not needed in ACF2. Resources are protected by default.
*
*
* 8. Permit access to profiles for MPCM team (XCGROUP):
* PERMIT KOB.LOGON.** ID(XCGROUP) ACCESS(READ) CLASS($KOBSEC)
* PERMIT O4SRV.** ID(XCGROUP) ACCESS(READ) CLASS($KOBSEC)
* PERMIT KOBUI.** ID(XCGROUP) ACCESS(READ) CLASS($KOBSEC)
* PERMIT KOBUI.USER.** ID(XCGROUP) ACCESS(READ) CLASS($KOBSEC)
* PERMIT KOBUI.ADMIN.** ID(XCGROUP) ACCESS(READ) CLASS($KOBSEC)
* PERMIT KOBUI.ADMIN.SITEDITOR ID(XCGROUP) ACCESS(READ) CLASS($KOBSEC)
* PERMIT KOBUI.ADMIN.OBJECTEDITOR ID(XCGROUP) ACCESS(READ) CLASS($KOBSEC)
* PERMIT KOBUI.ADMIN.USEHUB.** ID(XCGROUP) ACCESS(READ) CLASS($KOBSEC)
* PERMIT SYSTEM.** ID(XCGROUP) ACCESS(READ) CLASS($KOBSEC)
* PERMIT KM5.**.TAKEACTION ID(XCGROUP) ACCESS(UPDATE) CLASS($KOBSEC)
* PERMIT KM5.** ID(XCGROUP) ACCESS(READ) CLASS($KOBSEC)
*
* Note: these rules assume the appropriate LIDs have been assigned
* to the XCGROUP role.
*
*ACF
SET R(KOB)
RECKEY KOB ADD( LOGON.- ROLE(XCGROUP) SERVICE(READ) ALLOW)
RECKEY O4SRV ADD( - ROLE(XCGROUP) SERVICE(READ) ALLOW)
RECKEY KOBUI ADD( - ROLE(XCGROUP) SERVICE(READ) ALLOW)
RECKEY SYSTEM ADD( - ROLE(XCGROUP) SERVICE(READ) ALLOW)
RECKEY KM5 ADD( -.TAKEACTION ROLE(XCGROUP) SERVICE(UPDATE) ALLOW)
RECKEY KM5 ADD( - ROLE(XCGROUP) SERVICE(READ) ALLOW)
F ACF2,REBUILD(KOB)
*
*
* 9. Permit access to profiles for MSS team (XAGROUP):
* PERMIT KOB.LOGON.** ID(XAGROUP) ACCESS(READ) CLASS($KOBSEC)
* PERMIT O4SRV.** ID(XAGROUP) ACCESS(READ) CLASS($KOBSEC)
* PERMIT KOBUI.** ID(XAGROUP) ACCESS(READ) CLASS($KOBSEC)
* PERMIT KOBUI.USER.** ID(XAGROUP) ACCESS(READ) CLASS($KOBSEC)
* PERMIT KOBUI.ADMIN.** ID(XAGROUP) ACCESS(READ) CLASS($KOBSEC)
* PERMIT KOBUI.ADMIN.SITEDITOR ID(XAGROUP) ACCESS(READ) CLASS($KOBSEC)
* PERMIT KOBUI.ADMIN.OBJECTEDITOR ID(XAGROUP) ACCESS(READ) CLASS($KOBSEC)
* PERMIT KOBUI.ADMIN.USEHUB.** ID(XAGROUP) ACCESS(READ) CLASS($KOBSEC)
* PERMIT SYSTEM.** ID(XAGROUP) ACCESS(READ) CLASS($KOBSEC)
* PERMIT KM5.**.TAKEACTION ID(XAGROUP) ACCESS(UPDATE) CLASS($KOBSEC)
* PERMIT KM5.** ID(XAGROUP) ACCESS(READ) CLASS($KOBSEC)
*
* Note: these rules assume the appropriate LIDs have been assigned
* to the XAGROUP role.
*
*ACF
SET R(KOB)
RECKEY KOB ADD( LOGON.- ROLE(XAGROUP) SERVICE(READ) ALLOW)
RECKEY O4SRV ADD( - ROLE(XAGROUP) SERVICE(READ) ALLOW)
RECKEY KOBUI ADD( - ROLE(XAGROUP) SERVICE(READ) ALLOW)
RECKEY SYSTEM ADD( - ROLE(XAGROUP) SERVICE(READ) ALLOW)
RECKEY KM5 ADD( -.TAKEACTION ROLE(XAGROUP) SERVICE(UPDATE) ALLOW)
RECKEY KM5 ADD( - ROLE(XAGROUP) SERVICE(READ) ALLOW)
F ACF2,REBUILD(KOB)
Feedback
