IBM MFA - documentation for CheckCTC definitions in ACF2

Article ID: 274059


Products

ACF2 - z/OS

Issue/Introduction

Documentation for the Check CTC implementation with IBM MFA in ACF2.

Environment

Release: 16.0

Resolution

Additional RACF administration steps for check CTC

Last Updated: 2023-02-03

You must perform RACF® administration steps on the CTC destination for check CTC.

  • Define a resource profile in MFADEF class
    You define IBM® MFA factors by creating a general resource profile for the factor name in the MFADEF class. To define a factor for check CTC, use RDEFINE to create a resource profile named FACTOR.AZFCKCTC in the MFADEF class.
  • Define a resource profile in FACILITY class
    To define authorization to execute the panels for check CTC administration, use RDEFINE to create a resource profile named IRR.RFACTOR.MFADEF.AZFCKCTC in the FACILITY class.
  • Authorize access to IRR.RFACTOR.MFADEF.AZFCKCTC profile
    Authorize the administrators who execute the panels to the IRR.RFACTOR.MFADEF.AZFCKCTC profile.


Define a resource profile in MFADEF class

Last Updated: 2023-02-03

You define IBM® MFA factors by creating a general resource profile for the factor name in the MFADEF class. To define a factor for check CTC, use RDEFINE to create a resource profile named FACTOR.AZFCKCTC in the MFADEF class.

Procedure

  1. Define the profile in the MFADEF class:
    RACF:
    RDEF MFADEF FACTOR.AZFCKCTC OWNER(userid or group-name)

    ACF2 equivalent:
    ACF
    SET CONTROL(FACTOR)
    INSERT AZFCKCTC

  2. Refresh the MFADEF class:
    RACF:
    SETROPTS RACLIST(MFADEF) REFRESH

    ACF2 equivalent:
    F ACF2,REFRESH(FAC),TYPE(FAC)

  3. Verify the change. For example:
    RACF:
    RLIST MFADEF FACTOR.AZFCKCTC

    ACF2 equivalent:
    ACF
    SET CONTROL(FAC)
    LIST AZFCKCTC
    END

Define a resource profile in FACILITY class

Last Updated: 2023-02-03

To define authorization to execute the panels for check CTC administration, use RDEFINE to create a resource profile named IRR.RFACTOR.MFADEF.AZFCKCTC in the FACILITY class.

Procedure

  1. Define the profile in the FACILITY class:
    RDEF FACILITY IRR.RFACTOR.MFADEF.AZFCKCTC OWNER(userid or group-name)
    Not needed in ACF2.
  2. Refresh the FACILITY class:
    SETROPTS RACLIST(FACILITY) REFRESH
    Not needed in ACF2.
  3. Verify the change. For example:
    RLIST FACILITY IRR.RFACTOR.MFADEF.AZFCKCTC
    Not needed in ACF2.

Authorize access to IRR.RFACTOR.MFADEF.AZFCKCTC profile

Last Updated: 2023-02-03

Authorize the administrators who execute the panels to the IRR.RFACTOR.MFADEF.AZFCKCTC profile.

Procedure

  1. Allow the access shown in Table 1:

Table 1. Required levels of permission

Permission                Access
READ                      Able to view configuration options, but may not update, create, or delete parameters.
UPDATE, CONTROL, ALTER    Able to create, update, delete, and view configuration options.

For example:

RACF:
PERMIT IRR.RFACTOR.MFADEF.AZFCKCTC ACCESS(ALTER) CLASS(FACILITY) ID(user-id)

ACF2 equivalent:
ACF
SET RESOURCE(FAC)
RECKEY IRR ADD(RFACTOR.MFADEF.AZFCKCTC USER(adminid) SERVICE(READ,UPDATE) ALLOW)
END

Refresh (RACF):
SETROPTS RACLIST(FACILITY) REFRESH

Refresh (ACF2):
F ACF2,REFRESH(FAC)