search cancel

ACF2 setup for JESINPUT resource class

book

Article ID: 253965

calendar_today

Updated On:

Products

ACF2 - z/OS

Issue/Introduction

How to define a specific class for JESINPUT and grant explicit access to any JESINPUT sources with limited specific access?                            

                                                       

                                                      

 

Environment

Release : 16.0

Resolution

By default, ACF2 has internal SAFDEF that ignores CLASS=JESINPUT AUTH call made by the REQUESTOR=ACF9CSFV. 

The following steps need to be done to set up JESINPUT validation. 

- Insert a SAFDEF with MODE=GLOBAL for CLASS=JESINPUT

SET C(GSO)
INSERT SAFDEF.JESINPUT FUNCRET(4) FUNCRSN(0) ID(JESINPUT) JOBNAME(-) MODE(GLOBAL) RACROUTE(REQUEST=AUTH CLASS=JESINPUT REQSTOR=ACF9CSFV) RETCODE(4) USERID(-) 
F ACF2,REFRESH(SAFDEF)

        
- Insert a clasmap to map it to resource type code of your choice, abc as an example

SET C(GSO)
INSERT CLASMAP.JESINPUT ENTITYLN(8) RESOURCE(JESINPUT) RSRCTYPE(abc)     
F ACF2,REFRESH(CLASMAP)

- Write resource rules accordingly, here is a sample rule to allow and log for UID(*)

SET R(abc)
$KEY(********) TYPE(abc)     
UID(*) LOG

- Add it to INFODIR to make it resident

SET C(GSO)
CHANGE INFODIR TYPES(R-Rabc) ADD
F ACF2,REFRESH(INFODIR)
F ACF2,REBUILD(abc)  
                                 

 

Additional Information

Set up for JESINPUT resource class on ACF2 - DISA STIG ACF2-JS-000080