IBM ZSAM have provided jcl to create the security environment for RACF.
ACF2 version is needed.
Release : 16.0
Component : ACF2 for z/OS
ACF
SET RESOURCE(FAC)
RECKEY IZSAM ADD( DB.AU-.- USER(IZSAMADM) ALLOW SERVICE(READ))
RECKEY IZSAM ADD( DB.AU-.- USER(IZSAMUSR) ALLOW SERVICE(READ))
RECKEY IZSAM ADD( DB.AU-.- USER(AUID001) ALLOW SERVICE(READ))
RECKEY IZSAM ADD( DB.- USER(IZSAMADM) ALLOW SERVICE(READ))
RECKEY IZSAM ADD( DB.- USER(IZSAMUSR) ALLOW SERVICE(READ))
RECKEY IZSAM ADD( MENU.ASSET USER(IZSAMADM) ALLOW SERVICE(READ))
RECKEY IZSAM ADD( MENU.ASSET USER(IZSAMUSR) ALLOW SERVICE(READ))
RECKEY IZSAM ADD( MENU.ASSET USER(AUID001) ALLOW SERVICE(READ))
RECKEY IZSAM ADD( MENU.DISC USER(IZSAMADM) ALLOW SERVICE(READ))
RECKEY IZSAM ADD( MENU.DISC USER(IZSAMUSR) ALLOW SERVICE(READ))
RECKEY IZSAM ADD( MENU.ADMIN USER(IZSAMADM) ALLOW SERVICE(READ))
RECKEY IZSAM ADD( MENU.ADMIN.LIB_CLASSIFICATION USER(IZSAMADM) -
ALLOW SERVICE(READ))
RECKEY IZSAM ADD( MENU.CUSTOM USER(IZSAMADM) ALLOW SERVICE(READ))
RECKEY IZSAM ADD( MENU.CUSTOM USER(IZSAMUSR) ALLOW SERVICE(READ))
F ACF2,REBUILD(FAC)
SET PROFILE(USER) DIV(KEYRING)
INSERT hsisanlo.IZSAM RINGNAME(IZSAM_KEYRING)
GENCERT CERTAUTH.hsisanlo -
SUBJ( O('Your Organization') -
CN('Your Domain') -
C('US')) -
LABEL('LOCALCA') -
KEYUSAGE(CERTSIGN)
GENCERT hsisanlo.cert -
SUBJ (CN('IZSAMCERT') -
OU('Your Dept.') -
C('US')) -
LABEL('IZSAMCERT') -
SIGNWITH(CERTAUTH.hsisanlo)
CONNECT CERTDATA(hsisanlo.cert) KEYRING(hsisanlo.IZSAM) -
RINGNAME(IZSAM_KEYRING) USAGE(PERSONAL) DEFAULT
CONNECT CERTDATA(CERTAUTH.hsisanlo) KEYRING(hsisanlo.IZSAM)
RINGNAME(IZSAM_KEYRING) USAGE(CERTAUTH)
F ACF2,REBUILD(USR),CLASS(P)
SET RESOURCE(FAC)
RECKEY IRR ADD(DIGTCERT.LIST USER(Userid-running-HSISANLO) -
SERVICE(READ) ALLOW)
RECKEY IRR ADD(DIGTCERT.LISTRING USER(Userid-running-HSISANLO) -
SERVICE(READ) ALLOW)
F ACF2,REBUILD(FAC)
END