ACF2 privilege needed for IBM Z Multi Factor Authentication (MFA) panels
search cancel

ACF2 privilege needed for IBM Z Multi Factor Authentication (MFA) panels

book

Article ID: 247565

calendar_today

Updated On:

Products

ACF2

Issue/Introduction

Which ACF2 privilege and security rules are needed to access IBM MFA panels?

 

Environment

Release : 16.0

Component : ACF2 for z/OS

Resolution

SECURITY is a requirement for users of the AZFEXEC panel, however, granular control can be set up for which factors SECURITY users have access to modify via the "IRR.RFACTOR.MFADEF.[factorName]" rules in the FACILITY class.

The masked form "IRR.RFACTOR.MFADEF.-" provides the SECURITY user access to all factors.  Exact Factor names can be specified to have access over by supplying the factor name for the fourth qualifier as shown below in example:

If only AZFSTC and AZFSIDP1 factors need to be allowed:

  1. Give SECURITY to factor administrator
  2. Give READ and UPDATE access for "IRR.RFACTOR.MFADEF.AZFSTC" in the FACILITY class for factor administrator
  3. Give READ and UPDATE access for "IRR.RFACTOR.MFADEF.AZFSIDP1" in the FACILITY class for factor administrator

 

Powered by Wolken Software