ACF2 Allow a logonid without SECURITY to INSERT a GSO CERTMAP record


Article ID: 269583


Updated On:

Products

ACF2 - z/OS

Issue/Introduction

How to allow a logonid to INSERT a GSO CERTMAP record without giving that logonid the SECURITY privilege.

Environment

Release : 16.0

Resolution

How to allow a logonid to INSERT a GSO CERTMAP record through a resource rule rather than by using SECURITY and a SCOPE record.

ACF2 allows an authorized user to write ACFCMD.DIGTCERT.command resource rules in the CASECAUT class to grant authorization to designated end users or roles to issue ACF commands to administer some or all ACF2 digital certificate, key ring, and token objects.

Inserting a Control GSO CERTMAP record, which maps a user to a group of certificates in the ACF2 Infostorage database, requires one of the following:

SECURITY privilege or DELETE authority to ACFCMD.DIGTCERT.ADDMAP

The following example rule allows the USER001 logonid to INSERT a GSO CERTMAP record.

SET RESOURCE(AUT)
reckey acfcmd add(DIGTCERT.ADDMAP user(USER001) service(delete) allow)
F ACF2,REBUILD(AUT)