IBMZSAM security Configuration with ACF2.
Article ID: 243950
Updated On: 06-29-2022
Products
Issue/Introduction
IBM ZSAM have provided jcl to create the security environment for RACF.
ACF2 version is needed.
Environment
Release : 16.0
Component : ACF2 for z/OS
Resolution
ACF
SET RESOURCE(FAC)
RECKEY IZSAM ADD( DB.AU-.- USER(IZSAMADM) ALLOW SERVICE(READ))
RECKEY IZSAM ADD( DB.AU-.- USER(IZSAMUSR) ALLOW SERVICE(READ))
RECKEY IZSAM ADD( DB.AU-.- USER(AUID001) ALLOW SERVICE(READ))
RECKEY IZSAM ADD( DB.- USER(IZSAMADM) ALLOW SERVICE(READ))
RECKEY IZSAM ADD( DB.- USER(IZSAMUSR) ALLOW SERVICE(READ))
RECKEY IZSAM ADD( MENU.ASSET USER(IZSAMADM) ALLOW SERVICE(READ))
RECKEY IZSAM ADD( MENU.ASSET USER(IZSAMUSR) ALLOW SERVICE(READ))
RECKEY IZSAM ADD( MENU.ASSET USER(AUID001) ALLOW SERVICE(READ))
RECKEY IZSAM ADD( MENU.DISC USER(IZSAMADM) ALLOW SERVICE(READ))
RECKEY IZSAM ADD( MENU.DISC USER(IZSAMUSR) ALLOW SERVICE(READ))
RECKEY IZSAM ADD( MENU.ADMIN USER(IZSAMADM) ALLOW SERVICE(READ))
RECKEY IZSAM ADD( MENU.ADMIN.LIB_CLASSIFICATION USER(IZSAMADM) -
ALLOW SERVICE(READ))
RECKEY IZSAM ADD( MENU.CUSTOM USER(IZSAMADM) ALLOW SERVICE(READ))
RECKEY IZSAM ADD( MENU.CUSTOM USER(IZSAMUSR) ALLOW SERVICE(READ))
F ACF2,REBUILD(FAC)
SET PROFILE(USER) DIV(KEYRING)
INSERT hsisanlo.IZSAM RINGNAME(IZSAM_KEYRING)
GENCERT CERTAUTH.hsisanlo -
SUBJ( O('Your Organization') -
CN('Your Domain') -
C('US')) -
LABEL('LOCALCA') -
KEYUSAGE(CERTSIGN)
GENCERT hsisanlo.cert -
SUBJ (CN('IZSAMCERT') -
OU('Your Dept.') -
C('US')) -
LABEL('IZSAMCERT') -
SIGNWITH(CERTAUTH.hsisanlo)
CONNECT CERTDATA(hsisanlo.cert) KEYRING(hsisanlo.IZSAM) -
RINGNAME(IZSAM_KEYRING) USAGE(PERSONAL) DEFAULT
CONNECT CERTDATA(CERTAUTH.hsisanlo) KEYRING(hsisanlo.IZSAM)
RINGNAME(IZSAM_KEYRING) USAGE(CERTAUTH)
F ACF2,REBUILD(USR),CLASS(P)
SET RESOURCE(FAC)
RECKEY IRR ADD(DIGTCERT.LIST USER(Userid-running-HSISANLO) -
SERVICE(READ) ALLOW)
RECKEY IRR ADD(DIGTCERT.LISTRING USER(Userid-running-HSISANLO) -
SERVICE(READ) ALLOW)
F ACF2,REBUILD(FAC)
END
Feedback
