
IBM ZSAM security configuration with ACF2


Article ID: 243950


Updated On:

Products

ACF2 - z/OS

Issue/Introduction

IBM ZSAM provides JCL that creates the security environment for RACF.
An ACF2 version of that setup is needed.

Environment

Release : 16.0

Component : ACF2 for z/OS

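Resolution

In the commands below, `hsisanlo` appears to stand for the logonid that runs HSISANLO (written as Userid-running-HSISANLO in the final rule set), and the SUBJ values ('Your Organization', 'Your Domain', 'Your Dept.') are placeholders; substitute your site's values before running them.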

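ACF
 SET RESOURCE(FAC)
 RECKEY IZSAM ADD( DB.AU-.- USER(IZSAMADM) ALLOW SERVICE(READ))
 RECKEY IZSAM ADD( DB.AU-.- USER(IZSAMUSR) ALLOW SERVICE(READ))
 RECKEY IZSAM ADD( DB.AU-.- USER(AUID001) ALLOW SERVICE(READ))
 RECKEY IZSAM ADD( DB.- USER(IZSAMADM) ALLOW SERVICE(READ))
 RECKEY IZSAM ADD( DB.- USER(IZSAMUSR) ALLOW SERVICE(READ))
 RECKEY IZSAM ADD( MENU.ASSET USER(IZSAMADM) ALLOW SERVICE(READ))
 RECKEY IZSAM ADD( MENU.ASSET USER(IZSAMUSR) ALLOW SERVICE(READ))
 RECKEY IZSAM ADD( MENU.ASSET USER(AUID001) ALLOW SERVICE(READ))
 RECKEY IZSAM ADD( MENU.DISC USER(IZSAMADM) ALLOW SERVICE(READ))
 RECKEY IZSAM ADD( MENU.DISC USER(IZSAMUSR) ALLOW SERVICE(READ))
 RECKEY IZSAM ADD( MENU.ADMIN USER(IZSAMADM) ALLOW SERVICE(READ))
 RECKEY IZSAM ADD( MENU.ADMIN.LIB_CLASSIFICATION USER(IZSAMADM) -
 ALLOW SERVICE(READ))
 RECKEY IZSAM ADD( MENU.CUSTOM USER(IZSAMADM) ALLOW SERVICE(READ))
 RECKEY IZSAM ADD( MENU.CUSTOM USER(IZSAMUSR) ALLOW SERVICE(READ))
 F ACF2,REBUILD(FAC)

 SET PROFILE(USER) DIV(KEYRING)
 INSERT hsisanlo.IZSAM RINGNAME(IZSAM_KEYRING)

 GENCERT CERTAUTH.hsisanlo -
 SUBJ( O('Your Organization') -
 CN('Your Domain') -
 C('US')) -
 LABEL('LOCALCA') -
 KEYUSAGE(CERTSIGN)

 GENCERT hsisanlo.cert -
 SUBJ(CN('IZSAMCERT') -
 OU('Your Dept.') -
 C('US')) -
 LABEL('IZSAMCERT') -
 SIGNWITH(CERTAUTH.hsisanlo)

 CONNECT CERTDATA(hsisanlo.cert) KEYRING(hsisanlo.IZSAM) -
 RINGNAME(IZSAM_KEYRING) USAGE(PERSONAL) DEFAULT

 CONNECT CERTDATA(CERTAUTH.hsisanlo) KEYRING(hsisanlo.IZSAM) -
 RINGNAME(IZSAM_KEYRING) USAGE(CERTAUTH)
 F ACF2,REBUILD(USR),CLASS(P)

 SET RESOURCE(FAC)
 RECKEY IRR ADD(DIGTCERT.LIST USER(Userid-running-HSISANLO) -
 SERVICE(READ) ALLOW)
 RECKEY IRR ADD(DIGTCERT.LISTRING USER(Userid-running-HSISANLO) -
 SERVICE(READ) ALLOW)
 F ACF2,REBUILD(FAC)
 END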