search cancel

Convert BMC/Mainview access from RACF to Top Secret

book

Article ID: 228270

calendar_today

Updated On:

Products

Top Secret

Issue/Introduction

RACF Commands:

Securing under RACF the following parameters are used to these services:
RDEFINE $BOOLE (BBM.*.RESOLVE.*.UPDATE) UACC(NONE) RDEFINE $BOOLE (BBM.*.CSMON.*.UPDATE) UACC(NONE)

To allow access by a set of authorized users to all UPDATE services, you would specify the following statements:
PERMIT BBM.*.RESOLVE.*.UPDATE CLASS($BOOLE) – ID(FRED,SAM,SUE) ACCESS(READ)

PERMIT BBM.*.CSMON.*.UPDATE CLASS($BOOLE) – ID(FRED,SAM,SUE) ACCESS(READ)

 

Environment

Release : 16.0

Component :

Resolution

Securing under RACF the following parameters are used to these services:
RDEFINE $BOOLE (BBM.*.RESOLVE.*.UPDATE) UACC(NONE) RDEFINE $BOOLE (BBM.*.CSMON.*.UPDATE) UACC(NONE)

 Define the resource class to the RDT by issuing the following:
TSS ADD(RDT) RESCLASS($BOOLE) ATTR(LONG,MASK) ACLST(NONE=0000,CONTROL=6400,UPDATE=6000,READ=4000,ALL=FFFF)

Define the resource high level qualifier:
TSS ADD(dept) $BOOLE(BBM.)  ==>ownership of resources are done within a dept. ===> ADD to a valid dept.
  

To allow access by a set of authorized users to all UPDATE services, you would specify the following statements:
PERMIT BBM.*.RESOLVE.*.UPDATE CLASS($BOOLE) – ID(FRED,SAM,SUE) ACCESS(READ)

Issue the following permits:
TSS PERMIT(FRED) $BOOLE(BBM.*.RESOLVE.*.UPDATE) ACCESS(READ)
TSS PERMIT(SAM) $BOOLE(BBM.*.RESOLVE.*.UPDATE) ACCESS(READ)
TSS PERMIT(SUE) $BOOLE(BBM.*.RESOLVE.*.UPDATE) ACCESS(REA)