EKMF Security Setup for Top Secret

Article ID: 253930


Products

Top Secret

Issue/Introduction

This article gives the Top Secret security setup for EKMF, converted from the following EKMF RACF security setup:

ADDGROUP LIBSRVGP SUPGROUP(SYS1) OWNER(SYS1) OMVS(GID(AUTOGID))
ADDUSER LIBSRV NOPASSWORD DFLTGRP(LIBSRVGP) NAME('EKMF SERVER') OWNER(SYS1) OMVS(UID(AUTOUID) HOME('/u/libsrv') PROGRAM('/bin/sh'))
RDEFINE STARTED EKMFSRV.* OWNER(SYS1) UACC(NONE) STDATA(USER(LIBSRV) GROUP(LIBSRVGP) PRIVILEGED(NO) TRUSTED(NO) TRACE(YES))
RDEFINE STARTED EKMFANGL.* OWNER(SYS1) UACC(NONE) STDATA(USER(LIBSRV) GROUP(LIBSRVGP) PRIVILEGED(NO) TRUSTED(NO) TRACE(YES))
RDEFINE SERVER BBG.ANGEL.EKMFANGL OWNER(SYS1) UACC(NONE)
RDEFINE SERVER BBG.AUTHMOD.BBGZSAFM OWNER(SYS1) UACC(NONE)
RDEFINE SERVER BBG.AUTHMOD.BBGZSAFM.SAFCRED OWNER(SYS1) UACC(NONE)
RDEFINE SERVER BBG.AUTHMOD.BBGZSAFM.ZOSWLM OWNER(SYS1) UACC(NONE)
RDEFINE SERVER BBG.AUTHMOD.BBGZSAFM.TXRRS OWNER(SYS1) UACC(NONE)
RDEFINE SERVER BBG.AUTHMOD.BBGZSAFM.ZOSDUMP OWNER(SYS1) UACC(NONE)
RDEFINE SERVER BBG.AUTHMOD.BBGZSAFM.LOCALCOM OWNER(SYS1) UACC(NONE)
RDEFINE SERVER BBG.AUTHMOD.BBGZSAFM.WOLA OWNER(SYS1) UACC(NONE)
RDEFINE SERVER BBG.AUTHMOD.BBGZSAFM.PRODMGR OWNER(SYS1) UACC(NONE)
RDEFINE SERVER BBG.AUTHMOD.BBGZSAFM.ZOSAIO OWNER(SYS1) UACC(NONE)
RDEFINE SERVER BBG.AUTHMOD.BBGZSCFM.WOLA OWNER(SYS1) UACC(NONE)
RDEFINE SERVER BBG.SECPFX.EKMFWEB OWNER(SYS1) UACC(NONE)
PERMIT BBG.ANGEL.EKMFANGL CLASS(SERVER) ACCESS(READ) ID(LIBSRV)
PERMIT BBG.AUTHMOD.BBGZSAFM CLASS(SERVER) ACCESS(READ) ID(LIBSRV)
PERMIT BBG.AUTHMOD.BBGZSAFM.SAFCRED CLASS(SERVER) ACCESS(READ) ID(LIBSRV)
PERMIT BBG.AUTHMOD.BBGZSAFM.ZOSWLM CLASS(SERVER) ACCESS(READ) ID(LIBSRV)
PERMIT BBG.AUTHMOD.BBGZSAFM.TXRRS CLASS(SERVER) ACCESS(READ) ID(LIBSRV)
PERMIT BBG.AUTHMOD.BBGZSAFM.ZOSDUMP CLASS(SERVER) ACCESS(READ) ID(LIBSRV)
PERMIT BBG.AUTHMOD.BBGZSAFM.LOCALCOM CLASS(SERVER) ACCESS(READ) ID(LIBSRV)
PERMIT BBG.AUTHMOD.BBGZSAFM.WOLA CLASS(SERVER) ACCESS(READ) ID(LIBSRV)
PERMIT BBG.AUTHMOD.BBGZSAFM.PRODMGR CLASS(SERVER) ACCESS(READ) ID(LIBSRV)
PERMIT BBG.AUTHMOD.BBGZSAFM.ZOSAIO CLASS(SERVER) ACCESS(READ) ID(LIBSRV)
PERMIT BBG.AUTHMOD.BBGZSCFM.WOLA CLASS(SERVER) ACCESS(READ) ID(LIBSRV)
PERMIT BBG.SECPFX.EKMFWEB CLASS(SERVER) ACCESS(READ) ID(LIBSRV)
ADDGROUP WSCLGP SUPGROUP(SYS1) OWNER(SYS1) OMVS(AUTOGID) DATA('WAS Unauthenticated User Group')
ADDUSER WSGUEST RESTRICTED NOPASSWORD NOOIDCARD NAME('WAS DEFAULT USER') OWNER(SYS1) OMVS(autouid HOME('/local/WebSphere/home/WSCLGP') PROGRAM('/bin/sh')) DFLTGRP(WSCLGP)
CONNECT WSGUEST GROUP(WSCLGP) OWNER(SYS1) AUTH(USE) UACC(NONE)
RDEFINE APPL EKMFWEB OWNER(SYS1) UACC(NONE)
PERMIT EKMFWEB CLASS(APPL) ACCESS(READ) ID(WSGUEST)
RDEFINE CSFSERV CSFDSG   OWNER(SYS1) UACC(NONE)
RDEFINE CSFSERV CSFDSV   OWNER(SYS1) UACC(NONE)
RDEFINE CSFSERV CSFEDH   OWNER(SYS1) UACC(NONE)
RDEFINE CSFSERV CSFHMG   OWNER(SYS1) UACC(NONE)
RDEFINE CSFSERV CSFHMV   OWNER(SYS1) UACC(NONE)
RDEFINE CSFSERV CSFKGN   OWNER(SYS1) UACC(NONE)
RDEFINE CSFSERV CSFKGN2  OWNER(SYS1) UACC(NONE)
RDEFINE CSFSERV CSFKRC   OWNER(SYS1) UACC(NONE)
RDEFINE CSFSERV CSFKRC2  OWNER(SYS1) UACC(NONE)
RDEFINE CSFSERV CSFKRR   OWNER(SYS1) UACC(NONE)
RDEFINE CSFSERV CSFKRR2  OWNER(SYS1) UACC(NONE)
RDEFINE CSFSERV CSFKRW   OWNER(SYS1) UACC(NONE)
RDEFINE CSFSERV CSFKRW2  OWNER(SYS1) UACC(NONE)
RDEFINE CSFSERV CSFKYT   OWNER(SYS1) UACC(NONE)
RDEFINE CSFSERV CSFKYT2  OWNER(SYS1) UACC(NONE)
RDEFINE CSFSERV CSFKYTX  OWNER(SYS1) UACC(NONE)
RDEFINE CSFSERV CSFOWH   OWNER(SYS1) UACC(NONE)
RDEFINE CSFSERV CSFPKG   OWNER(SYS1) UACC(NONE)
RDEFINE CSFSERV CSFPKI   OWNER(SYS1) UACC(NONE)
RDEFINE CSFSERV CSFPKRC  OWNER(SYS1) UACC(NONE)
RDEFINE CSFSERV CSFPKRR  OWNER(SYS1) UACC(NONE)
RDEFINE CSFSERV CSFPKRW  OWNER(SYS1) UACC(NONE)
RDEFINE CSFSERV CSFPKX   OWNER(SYS1) UACC(NONE)
RDEFINE CSFSERV CSFRNG   OWNER(SYS1) UACC(NONE)
RDEFINE CSFSERV CSFRNGL  OWNER(SYS1) UACC(NONE)
RDEFINE CSFSERV CSFSAD   OWNER(SYS1) UACC(NONE)
RDEFINE CSFSERV CSFSAE   OWNER(SYS1) UACC(NONE)
RDEFINE CSFSERV CSFSYI   OWNER(SYS1) UACC(NONE)
RDEFINE CSFSERV CSFSYI2  OWNER(SYS1) UACC(NONE)
RDEFINE CSFSERV CSFSYX   OWNER(SYS1) UACC(NONE)
PERMIT CSFDSG   CLASS(CSFSERV) ACCESS(READ) ID(LIBSRVGP)
PERMIT CSFDSV   CLASS(CSFSERV) ACCESS(READ) ID(LIBSRVGP)
PERMIT CSFEDH   CLASS(CSFSERV) ACCESS(READ) ID(LIBSRVGP)
PERMIT CSFHMG   CLASS(CSFSERV) ACCESS(READ) ID(LIBSRVGP)
PERMIT CSFHMV   CLASS(CSFSERV) ACCESS(READ) ID(LIBSRVGP)
PERMIT CSFKGN   CLASS(CSFSERV) ACCESS(READ) ID(LIBSRVGP)
PERMIT CSFKGN2  CLASS(CSFSERV) ACCESS(READ) ID(LIBSRVGP)
PERMIT CSFKRC   CLASS(CSFSERV) ACCESS(READ) ID(LIBSRVGP)
PERMIT CSFKRC2  CLASS(CSFSERV) ACCESS(READ) ID(LIBSRVGP)
PERMIT CSFKRR   CLASS(CSFSERV) ACCESS(READ) ID(LIBSRVGP)
PERMIT CSFKRR2  CLASS(CSFSERV) ACCESS(READ) ID(LIBSRVGP)
PERMIT CSFKRW   CLASS(CSFSERV) ACCESS(READ) ID(LIBSRVGP)
PERMIT CSFKRW2  CLASS(CSFSERV) ACCESS(READ) ID(LIBSRVGP)
PERMIT CSFKYT   CLASS(CSFSERV) ACCESS(READ) ID(LIBSRVGP)
PERMIT CSFKYT2  CLASS(CSFSERV) ACCESS(READ) ID(LIBSRVGP)
PERMIT CSFKYTX  CLASS(CSFSERV) ACCESS(READ) ID(LIBSRVGP)
PERMIT CSFOWH   CLASS(CSFSERV) ACCESS(READ) ID(LIBSRVGP)
PERMIT CSFPKG   CLASS(CSFSERV) ACCESS(READ) ID(LIBSRVGP)
PERMIT CSFPKI   CLASS(CSFSERV) ACCESS(READ) ID(LIBSRVGP)
PERMIT CSFPKRC  CLASS(CSFSERV) ACCESS(READ) ID(LIBSRVGP)
PERMIT CSFPKRR  CLASS(CSFSERV) ACCESS(READ) ID(LIBSRVGP)
PERMIT CSFPKRW  CLASS(CSFSERV) ACCESS(READ) ID(LIBSRVGP)
PERMIT CSFPKX   CLASS(CSFSERV) ACCESS(READ) ID(LIBSRVGP)
PERMIT CSFRNG   CLASS(CSFSERV) ACCESS(READ) ID(LIBSRVGP)
PERMIT CSFRNGL  CLASS(CSFSERV) ACCESS(READ) ID(LIBSRVGP)
PERMIT CSFSAD   CLASS(CSFSERV) ACCESS(READ) ID(LIBSRVGP)
PERMIT CSFSAE   CLASS(CSFSERV) ACCESS(READ) ID(LIBSRVGP)
PERMIT CSFSYI   CLASS(CSFSERV) ACCESS(READ) ID(LIBSRVGP)
PERMIT CSFSYI2  CLASS(CSFSERV) ACCESS(READ) ID(LIBSRVGP)
PERMIT CSFSYX   CLASS(CSFSERV) ACCESS(READ) ID(LIBSRVGP)
RDEFINE CSFKEYS EKMF.WEB.DRK.IMP00001 OWNER(SYS1) UACC(NONE)
RDEFINE CSFKEYS EKMF.WEB.HMAC.MAC00001 OWNER(SYS1) UACC(NONE)
RDEFINE CSFKEYS EKMF.WEB.SECRET.CIP00001 OWNER(SYS1) UACC(NONE)
RDEFINE CSFKEYS EKMF.WEB.IDENTITY.PRV00001 OWNER(SYS1) UACC(NONE)
PERMIT EKMF.WEB.DRK.IMP00001 CLASS(CSFKEYS) ACCESS(CONTROL) ID(LIBSRVGP)
PERMIT EKMF.WEB.HMAC.MAC00001 CLASS(CSFKEYS) ACCESS(CONTROL) ID(LIBSRVGP)
PERMIT EKMF.WEB.SECRET.CIP00001 CLASS(CSFKEYS) ACCESS(CONTROL) ID(LIBSRVGP)
PERMIT EKMF.WEB.IDENTITY.PRV00001 CLASS(CSFKEYS) ACCESS(CONTROL) ID(LIBSRVGP)
RDEFINE EJBROLE EKMFWEB.*.* OWNER(SYS1) UACC(NONE)
RDEFINE EJBROLE EKMFWEB.ekmf-rest-api.authenticated OWNER(SYS1) UACC(NONE)
RDEFINE EJBROLE EKMFWEB.com.ibm.ws.security.oauth20.* OWNER(SYS1) UACC(NONE)
PERMIT EKMFWEB.ekmf-rest-api.authenticated CLASS(EJBROLE) ACCESS(READ) ID(*)
PERMIT EKMFWEB.com.ibm.ws.security.oauth20.* CLASS(EJBROLE) ACCESS(READ) ID(*)
RDEFINE EJBROLE EKMFWEB.ekmf-rest-api.auditlog:read OWNER('SYS1') UACC(NONE)
RDEFINE EJBROLE EKMFWEB.ekmf-rest-api.certificates:import OWNER('SYS1') UACC(NONE)
RDEFINE EJBROLE EKMFWEB.ekmf-rest-api.certificates:import:untrusted OWNER('SYS1') UACC(NONE)
RDEFINE EJBROLE EKMFWEB.ekmf-rest-api.datasets:read OWNER('SYS1') UACC(NONE)
RDEFINE EJBROLE EKMFWEB.ekmf-rest-api.keys:active:deactivate OWNER('SYS1') UACC(NONE)
RDEFINE EJBROLE EKMFWEB.ekmf-rest-api.keys:active:install OWNER('SYS1') UACC(NONE)
RDEFINE EJBROLE EKMFWEB.ekmf-rest-api.keys:active:mark_compromised OWNER('SYS1') UACC(NONE)
RDEFINE EJBROLE EKMFWEB.ekmf-rest-api.keys:active:uninstall OWNER('SYS1') UACC(NONE)
RDEFINE EJBROLE EKMFWEB.ekmf-rest-api.keys:compromised:destroy OWNER('SYS1') UACC(NONE)
RDEFINE EJBROLE EKMFWEB.ekmf-rest-api.keys:compromised:install OWNER('SYS1') UACC(NONE)
RDEFINE EJBROLE EKMFWEB.ekmf-rest-api.keys:compromised:uninstall OWNER('SYS1') UACC(NONE)
RDEFINE EJBROLE EKMFWEB.ekmf-rest-api.keys:deactivated:destroy OWNER('SYS1') UACC(NONE)
RDEFINE EJBROLE EKMFWEB.ekmf-rest-api.keys:deactivated:install OWNER('SYS1') UACC(NONE)
RDEFINE EJBROLE EKMFWEB.ekmf-rest-api.keys:deactivated:mark_compromised OWNER('SYS1') UACC(NONE)
RDEFINE EJBROLE EKMFWEB.ekmf-rest-api.keys:deactivated:reactivate OWNER('SYS1') UACC(NONE)
RDEFINE EJBROLE EKMFWEB.ekmf-rest-api.keys:deactivated:uninstall OWNER('SYS1') UACC(NONE)
RDEFINE EJBROLE EKMFWEB.ekmf-rest-api.keys:destroyed:mark_compromised OWNER('SYS1') UACC(NONE)
RDEFINE EJBROLE EKMFWEB.ekmf-rest-api.keys:distribute OWNER('SYS1') UACC(NONE)
RDEFINE EJBROLE EKMFWEB.ekmf-rest-api.keys:export OWNER('SYS1') UACC(NONE)
RDEFINE EJBROLE EKMFWEB.ekmf-rest-api.keys:generate OWNER('SYS1') UACC(NONE)
RDEFINE EJBROLE EKMFWEB.ekmf-rest-api.keys:non_existing:generate OWNER('SYS1') UACC(NONE)
RDEFINE EJBROLE EKMFWEB.ekmf-rest-api.keys:non_existing:import OWNER('SYS1') UACC(NONE)
RDEFINE EJBROLE EKMFWEB.ekmf-rest-api.keys:pre_activation:activate OWNER('SYS1') UACC(NONE)
RDEFINE EJBROLE EKMFWEB.ekmf-rest-api.keys:pre_activation:destroy OWNER('SYS1') UACC(NONE)
RDEFINE EJBROLE EKMFWEB.ekmf-rest-api.keys:pre_activation:mark_compromised OWNER('SYS1') UACC(NONE)
RDEFINE EJBROLE EKMFWEB.ekmf-rest-api.keys:read OWNER('SYS1') UACC(NONE)
RDEFINE EJBROLE EKMFWEB.ekmf-rest-api.keys:write OWNER('SYS1') UACC(NONE)
RDEFINE EJBROLE EKMFWEB.ekmf-rest-api.keys:write:exportControl OWNER('SYS1') UACC(NONE)
RDEFINE EJBROLE EKMFWEB.ekmf-rest-api.keys:write:exportControl:allowedKeys:add OWNER('SYS1') UACC(NONE)
RDEFINE EJBROLE EKMFWEB.ekmf-rest-api.keys:write:exportControl:allowedKeys:remove OWNER('SYS1') UACC(NONE)
RDEFINE EJBROLE EKMFWEB.ekmf-rest-api.keys:write:tags OWNER('SYS1') UACC(NONE)
RDEFINE EJBROLE EKMFWEB.ekmf-rest-api.keystores:read OWNER('SYS1') UACC(NONE)
RDEFINE EJBROLE EKMFWEB.ekmf-rest-api.keystores:write OWNER('SYS1') UACC(NONE)
RDEFINE EJBROLE EKMFWEB.ekmf-rest-api.settings:write OWNER('SYS1') UACC(NONE)
RDEFINE EJBROLE EKMFWEB.ekmf-rest-api.templates:read OWNER('SYS1') UACC(NONE)
RDEFINE EJBROLE EKMFWEB.ekmf-rest-api.templates:write OWNER('SYS1') UACC(NONE)
RDEFINE EJBROLE EKMFWEB.ekmf-rest-api.user:passcode:create OWNER('SYS1') UACC(NONE)
RDEFINE EJBROLE EKMFWEB.ekmf-rest-api.user:passcode:delete OWNER('SYS1') UACC(NONE)
ADDGROUP EKMFWKA SUPGROUP(SYS1) OWNER('SYS1')
PERMIT EKMFWEB CLASS(APPL) ACCESS(READ) ID(EKMFWKA)
PERMIT EKMFWEB.ekmf-rest-api.auditlog:read CLASS(EJBROLE) ACCESS(READ) ID(EKMFWKA)
PERMIT EKMFWEB.ekmf-rest-api.keys:non_existing:import CLASS(EJBROLE) ACCESS(READ) ID(EKMFWKA)
PERMIT EKMFWEB.ekmf-rest-api.keys:read CLASS(EJBROLE) ACCESS(READ) ID(EKMFWKA)
PERMIT EKMFWEB.ekmf-rest-api.keys:write CLASS(EJBROLE) ACCESS(READ) ID(EKMFWKA)
PERMIT EKMFWEB.ekmf-rest-api.keystores:read CLASS(EJBROLE) ACCESS(READ) ID(EKMFWKA)
PERMIT EKMFWEB.ekmf-rest-api.keystores:write CLASS(EJBROLE) ACCESS(READ) ID(EKMFWKA)
PERMIT EKMFWEB.ekmf-rest-api.settings:write CLASS(EJBROLE) ACCESS(READ) ID(EKMFWKA)
PERMIT EKMFWEB.ekmf-rest-api.templates:read CLASS(EJBROLE) ACCESS(READ) ID(EKMFWKA)
PERMIT EKMFWEB.ekmf-rest-api.templates:write CLASS(EJBROLE) ACCESS(READ) ID(EKMFWKA)
PERMIT EKMFWEB.ekmf-rest-api.keys:distribute CLASS(EJBROLE) ACCESS(READ) ID(EKMFWKA)
PERMIT EKMFWEB.ekmf-rest-api.keys:active:install CLASS(EJBROLE) ACCESS(READ) ID(EKMFWKA)
PERMIT EKMFWEB.ekmf-rest-api.keys:pre_activation:activate CLASS(EJBROLE) ACCESS(READ) ID(EKMFWKA)
PERMIT EKMFWEB.ekmf-rest-api.keys:deactivated:reactivate CLASS(EJBROLE) ACCESS(READ) ID(EKMFWKA)
CONNECT WEBADM1 GROUP(EKMFWKA) OWNER(SYS1)


SETROPTS CLASSACT(DIGTRING)
RACDCERT ID(LIBSRV) ADDRING(EKMFKEYRING)
RDEFINE RDATALIB LIBSRV.EKMFKEYRING.LST OWNER(SYS1) UACC(NONE)
PERMIT LIBSRV.EKMFKEYRING.LST CLASS(RDATALIB) ACCESS(READ) ID(LIBSRV)
SETROPTS REFRESH RACLIST(EJBROLE)
SETROPTS REFRESH RACLIST(APPL)
SETROPTS RACLIST(SERVER) REFRESH
SETROPTS RACLIST(STARTED) GENERIC(STARTED) REFRESH
SETROPTS RACLIST(DIGTRING) REFRESH
SETROPTS REFRESH RACLIST(EJBROLE)
SETROPTS RACLIST(FACILITY) REFRESH
SETROPTS RACLIST(DIGTRING) REFRESH
SETROPTS RACLIST(DIGTCERT) REFRESH
SETROPTS RACLIST(RDATALIB) REFRESH
SETROPTS RACLIST(CSFSERV) REFRESH
SETROPTS RACLIST(CSFKEYS) REFRESH

Resolution

TSS CREATE(LIBSRVGP) NAME(LIBSRVGP) DEPT(deptname) TYPE(PROFILE) 
TSS CREATE(LIBSRVGG) NAME(LIBSRVGG) DEPT(deptname) TYPE(GROUP) 
TSS ADD(LIBSRVGG)  GID(?)  
TSS CREATE(LIBSRV) NAME('EKMF SERVER') DEPT(deptname) TYPE(USER) PROTECTED 
TSS ADD(LIBSRV) HOME('/u/libsrv') OMVSPGM('/bin/sh') UID(?) PROFILE(LIBSRVGP) 
TSS ADD(LIBSRV) GROUP(LIBSRVGG) DFLTGRP(LIBSRVGG)
TSS ADD(STC) PROCN(EKMFSRV) ACID(LIBSRV)
TSS ADD(STC) PROCN(EKMFANGL) ACID(LIBSRV)
TSS ADD(owningacid) SERVER(BBG.)
TSS PER(LIBSRV) SERVER(BBG.) ACC(READ)
TSS CREATE(WSCLGP) NAME('WAS Unauthenticated Group') DEPT(deptname) TYPE(PROFILE) 
TSS CREATE(WSCLGG) NAME(WSCLGG) DEPT(deptname) TYPE(GROUP)
TSS ADD(WSCLGG) GID(?)
TSS CREATE(WSGUEST) NAME('WAS DEFAULT USER') DEPT(deptname) TYPE(USER) PROTECTED 
TSS ADD(WSGUEST) HOME('/local/WebSphere/home/WSCLGP') OMVSPGM('/bin/sh') UID(?) PROFILE(WSCLGP)
TSS ADD(WSGUEST) GROUP(WSCLGG) DFLTGRP(WSCLGG)
TSS ADD(owningacid) APPL(EKMFWEB)
TSS PER(WSGUEST) APPL(EKMFWEB)
TSS ADD(owningacid) CSFSERV(CSF)
TSS PER(LIBSRVGP) CSFSERV(CSF) ACC(READ)
TSS ADD(owningacid) CSFKEYS(EKMF)
TSS PER(LIBSRVGP) CSFKEYS(EKMF.) ACC(READ)
TSS ADD(owningacid) EJBROLE(EKMFWEB) 
TSS PER(ALL) EJBROLE(EKMFWEB)
TSS CRE(EKMFWKA) NAME(EKMFWKA) TYPE(PROFILE) DEPT(deptname)
TSS PER(EKMFWKA) APPL(EKMFWEB)
TSS PER(EKMFWKA) EJBROLE(EKMFWEB)
TSS ADD(LIBSRV) KEYRING(EKMFRING) LABLRING(EKMFKEYRING)
TSS ADD(owningacid) RDATALIB(LIBSRV)
TSS PER(LIBSRV) RDATALIB(LIBSRV.EKMFKEYRING.LST) ACC(READ)
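An added example, not part of the original article or of any vendor tooling: a Python check that compares RACF PERMIT commands with TSS PER commands and reports where the translation grants less (UNDER) or more (OVER) than the RACF source. It assumes TSS permits match by resource prefix, default to READ when ACC is omitted, and that the ALL record corresponds to RACF ID(*); the sample lines are a constructed subset of the commands above.

```python
import re

RANK = {"NONE": 0, "READ": 1, "UPDATE": 2, "CONTROL": 3, "ALTER": 4}
# Constructed sample: a few RACF source lines and TSS lines taken from this page.
RACF = """\
RDEFINE CSFKEYS EKMF.WEB.DRK.IMP00001 OWNER(SYS1) UACC(NONE)
PERMIT EKMF.WEB.DRK.IMP00001 CLASS(CSFKEYS) ACCESS(CONTROL) ID(LIBSRVGP)
RDEFINE EJBROLE EKMFWEB.ekmf-rest-api.authenticated OWNER(SYS1) UACC(NONE)
RDEFINE EJBROLE EKMFWEB.ekmf-rest-api.keys:export OWNER('SYS1') UACC(NONE)
RDEFINE EJBROLE EKMFWEB.ekmf-rest-api.keys:read OWNER('SYS1') UACC(NONE)
PERMIT EKMFWEB.ekmf-rest-api.authenticated CLASS(EJBROLE) ACCESS(READ) ID(*)
PERMIT EKMFWEB.ekmf-rest-api.keys:read CLASS(EJBROLE) ACCESS(READ) ID(EKMFWKA)
"""
TSS = """\
TSS PER(LIBSRVGP) CSFKEYS(EKMF.) ACC(READ)
TSS PER(ALL) EJBROLE(EKMFWEB)
TSS PER(EKMFWKA) EJBROLE(EKMFWEB)
"""

def parse_racf(text):
    """Return (defined resources, {(class, resource, id): access}); ID(*) maps to ALL."""
    defined = set(re.findall(r"^RDEFINE\s+(\w+)\s+(\S+)", text, re.M))
    permits = re.findall(
        r"^PERMIT\s+(\S+)\s+CLASS\((\w+)\)\s+ACCESS\((\w+)\)\s+ID\(([^)]+)\)", text, re.M)
    return defined, {(c, r, "ALL" if i == "*" else i): a for r, c, a, i in permits}

def parse_tss(text):
    """Return [(acid, class, prefix, access)]; ACC defaults to READ when omitted."""
    rows = re.findall(r"^TSS\s+PER\((\w+)\)\s+(\w+)\(([^)]*)\)(?:\s+ACC\((\w+)\))?", text, re.M)
    return [(acid, cls, pfx, acc or "READ") for acid, cls, pfx, acc in rows]

def compare(racf_text, tss_text):
    """List (kind, id, class, resource) where the TSS grant is narrower or wider than RACF."""
    defined, grants = parse_racf(racf_text)
    tss, findings = parse_tss(tss_text), []
    racf_level = lambda cls, res, who: max(
        RANK[grants.get((cls, res, w), "NONE")] for w in (who, "ALL"))
    for (cls, res, who), acc in grants.items():   # UNDER: RACF grants more than TSS
        got = max((RANK[a] for acid, c, p, a in tss
                   if c == cls and res.startswith(p) and acid in (who, "ALL")), default=0)
        if got < RANK[acc]:
            findings.append(("UNDER", who, cls, res))
    for acid, cls, pfx, acc in tss:               # OVER: TSS prefix reaches more than RACF
        for c, res in sorted(defined):
            if c == cls and res.startswith(pfx) and RANK[acc] > racf_level(cls, res, acid):
                findings.append(("OVER", acid, cls, res))
    return findings

if __name__ == "__main__": print(*compare(RACF, TSS), sep="\n")
```

Run it over the full command sets before issuing the TSS commands, and review each finding against the access EKMF actually needs.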

Additional Information

Please see the knowledge document "Translation of EKMF RACF digital certificate commands to Top Secret" to set up the digital certificate for EKMF.