search cancel

Security commands for IBM Z System Automation 4.30

book

Article ID: 243283

calendar_today

Updated On:

Products

ACF2 - z/OS

Issue/Introduction

When setting up security for IBM Z System Automation 4.3, the appropriate ACF2 commands (converted from RACF) are required.

 

Environment

Component : ACF2 for z/OS

Cause

The IBM RACF details are found at:

https://www.ibm.com/docs/en/z-system-automation/4.3.0?topic=configuring-security-authorization

NOTE that the default access is always NO ACCESS in these examples: 

/*-------------------------------------------------------------------/

/* Define resource profiles in class SYSAUTO to control access to 

/* automation resources. 

/* -------------------------------------------------------------------/

/*

RDEFINE SYSAUTO AGT.*.*.RES._CONFIG UACC(NONE) +

DATA('Protects the automation configuration data model')

RDEFINE SYSAUTO AGT.*.*.RES._MANAGER UACC(NONE)+

DATA('Protects control of the Automation Manager in general')

RDEFINE SYSAUTO AGT.*.*.RES._MANAGER.DIAG UACC(NONE) +

DATA('Protects control of the Automation Manager diagnostics')

RDEFINE SYSAUTO AGT.*.*.RES._MANAGER.PACING UACC(NONE) +

DATA('Controls the release function of the INGPAC command')

Resolution

 

The default resource type for any resource class is the first three characters of the class.  Here the SYSAUTO general resource class is used by SA z/OS.  SYSauto would appear as $TYPE(SYA). The following are sample rules to allow users to access these resources under CA ACF2

$KEY(AGT) TYPE(SYA)

-.RES._CONFIG UID(user allowed access) ALLOW

-.RES._MANAGER UID(user allowed access) ALLOW

-.RES._MANAGER.DIAG UID(user allowed access) ALLOW

-.RES._MANAGER.PACING UID(user allowed access) ALLOW

Additional Information

For complete security details see 

https://www.ibm.com/docs/en/z-system-automation/4.3.0?topic=configuring-security-authorization