When setting up security for IBM Z System Automation 4.3, the appropriate ACF2 commands (converted from RACF) are required.
The IBM RACF details are found at:
https://www.ibm.com/docs/en/z-system-automation/4.3.0?topic=configuring-security-authorization
NOTE that the default access is always NO ACCESS in these examples:
/*-------------------------------------------------------------------*/
/* Define resource profiles in class SYSAUTO to control access to    */
/* automation resources.                                             */
/*-------------------------------------------------------------------*/
RDEFINE SYSAUTO AGT.*.*.RES._CONFIG UACC(NONE) +
DATA('Protects the automation configuration data model')
RDEFINE SYSAUTO AGT.*.*.RES._MANAGER UACC(NONE) +
DATA('Protects control of the Automation Manager in general')
RDEFINE SYSAUTO AGT.*.*.RES._MANAGER.DIAG UACC(NONE) +
DATA('Protects control of the Automation Manager diagnostics')
RDEFINE SYSAUTO AGT.*.*.RES._MANAGER.PACING UACC(NONE) +
DATA('Controls the release function of the INGPAC command')
Component : ACF2 for z/OS
The default resource type for any resource class is the first three characters of the class. Here the SYSAUTO general resource class is used by SA z/OS, and SYSAUTO would appear as $TYPE(SYA). The following are sample rules to allow users to access these resources under CA ACF2:
$KEY(AGT) $TYPE(SYA)
-.RES._CONFIG UID(user allowed access) ALLOW
-.RES._MANAGER UID(user allowed access) ALLOW
-.RES._MANAGER.DIAG UID(user allowed access) ALLOW
-.RES._MANAGER.PACING UID(user allowed access) ALLOW
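The same conversion can be scripted when there are many SYSAUTO profiles to carry over. The following Python script is an added example, not part of the original article or of any IBM or Broadcom sample. It applies the mapping shown above (first qualifier to $KEY, the run of * qualifiers to a leading "-", UACC(NONE) to no default rule entry) and refuses anything it cannot map one-to-one. The function names are hypothetical, the type code is supplied by the caller, and the UID value is the article's own placeholder.

```python
import re

# Constructed sample input: RDEFINE commands copied from this page.
RACF_SAMPLE = """\
RDEFINE SYSAUTO AGT.*.*.RES._CONFIG UACC(NONE) +
DATA('Protects the automation configuration data model')
RDEFINE SYSAUTO AGT.*.*.RES._MANAGER UACC(NONE)+
DATA('Protects control of the Automation Manager in general')
RDEFINE SYSAUTO AGT.*.*.RES._MANAGER.DIAG UACC(NONE) +
DATA('Protects control of the Automation Manager diagnostics')
"""
RDEF = re.compile(r"RDEFINE\s+(\S+)\s+(\S+)\s+UACC\((\w+)\)")
SHAPE = re.compile(r"([^.*]+)(?:\.\*)+\.([^*]+)")  # KEY, run of '*' qualifiers, literal tail

def join_continuations(text):
    """Drop comment lines and merge lines ending in '+' with the next one."""
    out, buf = [], ""
    for line in (l.strip() for l in text.splitlines()):
        if not line or line.startswith("/*"):
            continue
        if line.endswith("+"):
            buf += line[:-1].rstrip() + " "
        else:
            out.append(buf + line)
            buf = ""
    return out

def to_acf2(text, type_code, uid="user allowed access"):
    """Build ACF2 rule-set lines; type_code is caller-supplied (SYA on this page)."""
    rule_sets = {}
    for cmd in join_continuations(text):
        m = RDEF.match(cmd)
        if not m:
            raise ValueError(f"unrecognised command: {cmd}")
        _cls, profile, uacc = m.groups()
        if uacc != "NONE":  # any other UACC is a default-access decision, not a 1:1 rule
            raise ValueError(f"{profile}: UACC({uacc}) needs manual review")
        shape = SHAPE.fullmatch(profile)
        if not shape:  # only the mask layout used on this page is converted
            raise ValueError(f"{profile}: mask layout not covered, convert by hand")
        rule_sets.setdefault(shape.group(1), []).append("-." + shape.group(2))
    lines = []
    for key, entries in rule_sets.items():
        lines.append(f"$KEY({key}) $TYPE({type_code})")
        lines += [f"{e} UID({uid}) ALLOW" for e in entries]
    return lines

if __name__ == "__main__":
    print("\n".join(to_acf2(RACF_SAMPLE, "SYA")))
```

Replace the UID placeholder with the real UID string before compiling the rule set, and review every profile the script rejects by hand.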
For complete security details see
https://www.ibm.com/docs/en/z-