Top Secret Equivalent Commands For the RACFDRV Member for CICS/TS 3.1 Installation
Article ID: 27677
Updated On:
Products
Top Secret
Issue/Introduction
Is there a Top Secret converted version of RACFDRV member?
Environment
Release: Top Secret - all Versions
Resolution
//insert a valid jobcard //* //********************************************************************* //* //JOBLIB DD DISP=SHR,DSN=CICSTS31.SCPPLOAD //* //* JOB: RACFDRV //* //* DOC: //* THIS JOB CREATES RACF DATASET PROFILES AND THE REQUIRED //* FACILITY CLASS PROFILES TO RUN THE REMAINING INSTALLATION //* JOBS. //* //* UPDATES: //* DEFAULT USERID IBMUSER MUST BE CHANGED BEFORE THE JOB IS //* SUBMITTED. //* //* IMPORTANT: //* THE USERID THAT RUNS THIS JOB MUST HAVE SPECIAL AUTHORITY. //* //* REVIEW THE CONTENTS OF THIS JOB BEFORE SUBMITTING IT. //* RUNNING IT UNCHANGED ON AN EXISTING SYSTEM CAN CAUSE //* OUTAGE, SIGNIFICANT SECURITY EXPOSURE OR LOSS OF //* AUTHORIZATION TO SYSTEM RESOURCES. //* //* NOTES: //* THIS JOB SHOULD NOT BE RUN ON THE CUSTOMIZED OFFERINGS DRIVER //* AS IT ALREADY HAS THE REQUIRED RACF DEFINITIONS. //* //* IF A DEFINITION ALREADY EXISTS EXPECT IKJ56702I MESSAGES //* WHICH CAN BE IGNORED. //* //* REVIEW THE JOB OUTPUT TO VERIFY SECURITY OBJECTIVE HAVE //* BEEN MET. //* //* MRC: //* THE MAXIMUM EXPECTED RETURN CODE IS: 00 //* //RACFPRF2 EXEC PGM=IKJEFT01 //SYSTSPRT DD SYSOUT=* //SYSTERM DD DUMMY //SYSTSIN DD *
RACF Commands:
PROF MSGID WTPMSG
SETROPTS +
GENERIC(*) +
GENCMD(*) +
CLASSACT(FACILITY +
LOGSTRM) +
RACLIST(FACILITY)
TSS Equivalent:
No TSS equivalent.
RACF Commands:
ADDGROUP + DFSGRP + SUPGROUP(SYS1) + OMVS(GID(3))
TSS Equivalent:
TSS CRE(DFSGRP) TYPE(GROUP) DEPT(dept) NAME('DFSGRP group')
TSS ADD(DFSGRP) GID(3)
TSS MODI OMVSTABS
RACF Commands:
ADDUSER + DFS + DFLTGRP(DFSGRP) + AUTHORITY(CREATE) + OMVS(HOME(/opt/dfslocal/home/dfscntl) UID(0)) + UACC(NONE)
TSS Equivalent:
TSS CRE(DFS) TYPE(USER) NAME(?DFS user?) DEPT(dept) PASS(xxxx,0) TSS ADD(DFS) GROUP(DFSGRP) DFLTGRP(DFSGRP) UID(0) HOME(/opt/dfslocal/home/dfscntl) TSS MODI OMVSTABS
NOTE: In TSS, it is recommended that all STC acids be given a password and OPTIONS(4) be set in the TSS parameter file. This way, when the started task is started, there will not be a prompt for the password but if someone tries to signon to the system when that acid, they will need to know the password.
RACF Commands:
RDEFINE + STARTED + DFS.* + STDATA(USER(DFS)) RDEFINE + STARTED + DFSCM.* + STDATA(USER(DFS)) RDEFINE + STARTED + ZFS.* + STDATA(USER(DFS))
TSS Equivalent:
TSS ADD(STC) PROCNAME(DFS) ACID(DFS) TSS ADD(STC) PROCNAME(DFSCM) ACID(DFS) TSS ADD(STC) PROCNAME(ZFS) ACID(DFS)
RACF Commands:
ADDGROUP + CICSTS31 + SUPGROUP(SYS1) CONNECT + IBMUSER + GROUP(CICSTS31) + AUTH(JOIN)
TSS Equivalent:
TSS CRE(CICSTS31) TYPE(GROUP) DEPT(dept) NAME(?CICSTS31 group?) TSS ADD(CICSTS31) GID(nn) TSS ADD(IBMUSER) GROUP(CICSTS31) TSS MODI OMVSTABS
RACF Commands:
AD + 'CICSTS31.*' + GENERIC + OWNER(IBMUSER) + UACC(READ) PE + 'CICSTS31.*' + ID(IBMUSER) + ACC(ALTER) PE + 'CICSTS31.*' + ID(OMVSKERN) + ACC(ALTER) PE + 'CICSTS31.*' + ID(DFS) + ACC(ALTER)
TSS Equivalent:
TSS ADD(dept) DSN(CICSTS31.) TSS PER(IBMUSER) DSN(CICSTS31.) ACC(ALL) TSS PER(OMVSKERN) DSN(CICSTS31.) ACC(ALL) TSS PER(DFS) DSN(CICSTS31.) ACC(ALL)
RACF Commands:
ADDGROUP + OMVS + SUPGROUP(SYS1) CONNECT + IBMUSER + GROUP(OMVS) + AUTH(JOIN)
TSS Equivalent:
TSS CRE(OMVS) TYPE(GROUP) DEPT(dept) NAME(?OMVS group?) TSS ADD(OMVS) GID(nn) TSS ADD(IBMUSER) GROUP(OMVS) TSS MODI OMVSTABS
RACF Commands:
AD + 'OMVS.*' + GENERIC + OWNER(IBMUSER) + UACC(READ) PE + 'OMVS.*' + ID(IBMUSER) + ACC(ALTER) PE + 'OMVS.*' + ID(OMVSKERN) + ACC(ALTER) PE + 'OMVS.*' + ID(DFS) + ACC(ALTER)
TSS Equivalent:
TSS ADD(dept) DSN(OMVS.) TSS PER(IBMUSER) DSN(OMVS.) ACC(ALL) TSS PER(OMVSKERN) DSN(OMVS.) ACC(ALL) TSS PER(DFS) DSN(OMVS.) ACC(ALL)
RACF Commands:
CONNECT + IBMUSER + GROUP(SYS1) + AUTH(JOIN)
TSS Equivalent:
TSS ADD(IBMUSER) GROUP(SYS1) TSS MODI OMVSTABS
RACF Commands:
AD + 'SYS1.*' + GENERIC + OWNER(IBMUSER) + UACC(READ) PE + 'SYS1.*' + ID(IBMUSER) + ACC(ALTER) PE + 'SYS1.*' + ID(OMVSKERN) + ACC(ALTER) PE + 'SYS1.*' + ID(DFS) + ACC(ALTER)
TSS Equivalent:
TSS ADD(dept) DSN(SYS1.) TSS PER(IBMUSER) DSN(SYS1.) ACC(ALL) TSS PER(OMVSKERN) DSN(SYS1.) ACC(ALL) TSS PER(DFS) DSN(SYS1.) ACC(ALL)
RACF Commands:
ADDGROUP + SYS2 + SUPGROUP(SYS1) CONNECT + IBMUSER + GROUP(SYS2) + AUTH(JOIN)
TSS Equivalent:
TSS CRE(SYS2) TYPE(GROUP) DEPT(dept) NAME(?SYS2 group?) TSS ADD(SYS2) GID(nn) TSS ADD(IBMUSER) GROUP(SYS2) TSS MODI OMVSTABS
RACF Commands:
AD + 'SYS2.*' + GENERIC + OWNER(IBMUSER) + UACC(READ) PE + 'SYS2.*' + ID(IBMUSER) + ACC(ALTER) PE + 'SYS2.*' + ID(OMVSKERN) + ACC(ALTER) PE + 'SYS2.*' + ID(DFS) + ACC(ALTER)
TSS Equivalent:
TSS ADD(dept) DSN(SYS2.) TSS PER(IBMUSER) DSN(SYS2.) ACC(ALL) TSS PER(OMVSKERN) DSN(SYS2.) ACC(ALL) TSS PER(DFS) DSN(SYS2.) ACC(ALL)
RACF Commands:
PE + BPX.DAEMON + CLASS(FACILITY) + ID(SYS1) + ACC(READ) PE + BPX.DAEMON + CLASS(FACILITY) + ID(IBMUSER) + ACCESS(READ)
TSS Equivalent:
TSS ADD(dept) IBMFAC(BPX.) TSS PER(IBMUSER) IBMFAC(BPX.DAEMON) ACC(READ)
RACF Commands:
ADDGROUP +
TTY +
OMVS(GID(2))
ADDGROUP +
UUCPG +
OMVS(GID(8765))
ADDUSER +
UUCP +
DFLTGRP(UUCPG) +
OMVS(UID(396) +
HOME('/usr/spool/uucppublic') +
PROGRAM('/bin/sh'))
TSS Equivalent:
TSS CRE(TTY) TYPE(GROUP) DEPT(dept) NAME(?TTY group?) TSS ADD(TTY) GID(2) TSS CRE(UUCPG) TYPE(GROUP) DEPT(dept) NAME(?UUCPG group?) TSS ADD(UUCPG) GID(8765) TSS CRE(UUCP) TYPE(USER) DEPT(dept) NAME(?UUCP user?) PASS(xxxx,0) TSS ADD(UUCP) UID(396) GROUP(UUCPG) DFLTGRP(UUCPG) HOME(/usr/spool/uucppublic) OMVSPGM(/bin/sh) TSS MODI OMVSTABS
RACF Commands:
ALTUSER +
IBMUSER +
OMVS(UID(0) +
HOME('/') +
PROGRAM('/bin/sh'))
TSS Equivalent:
TSS ADD(IBMUSER) UID(0) HOME(/) OMVSPGM(/bin/sh) TSS MODI OMVSTABS
RACF Commands:
RDEFINE +
FACILITY BPX.FILEATTR.APF +
UACC(NONE)
RDEFINE +
FACILITY BPX.FILEATTR.PROGCTL +
UACC(NONE)
RDEFINE +
FACILITY BPX.FILEATTR.SHARELIB +
UACC(NONE)
RDEFINE +
UNIXPRIV +
SUPERUSER.FILESYS.PFSCTL +
UACC(NONE)
TSS Equivalent:
The TSS ADD(dept) IBMFAC(BPX.) command earlier defined BPX.FILEATTR.APF, BPX.FILEATTR.PROGCTL, and BPX.FILEATTR.SHARELIB. TSS ADD(dept) UNIXPRIV(SUPERUSE)
RACF Commands:
PE +
BPX.FILEATTR.APF +
CLASS(FACILITY) +
ID(IBMUSER) +
ACC(READ)
PE +
BPX.FILEATTR.PROGCTL +
CLASS(FACILITY) +
ID(IBMUSER) +
ACC(READ)
PE +
BPX.FILEATTR.SHARELIB +
CLASS(FACILITY) +
ID(IBMUSER) +
ACC(READ)
PE +
SUPERUSER.FILESYS.PFSCTL +
CLASS(UNIXPRIV) +
ID(IBMUSER) +
ACC(READ)
TSS Equivalent:
TSS PER(IBMUSER) IBMFAC(BPX.FILEATTR.APF) ACC(READ) TSS PER(IBMUSER) IBMFAC(BPX.FILEATTR.PROGCTL) ACC(READ) TSS PER(IBMUSER) IBMFAC(BPX.FILEATTR.SHARELIB) ACC(READ) TSS PER(IBMUSER) UNIXPRIV(SUPERUSER.FILESYS.PFSCTL) ACC(READ)
RACF Commands:
RDEFINE + FACILITY + MVSADMIN.LOGR + UACC(NONE) RDEFINE + LOGSTRM + SYSPLEX.OPERLOG + UACC(NONE) RDEFINE + LOGSTRM + SYSPLEX.LOGREC.ALLRECS + UACC(NONE)
TSS Equivalent:
TSS ADD(dept) IBMFAC(MVSADMIN) TSS ADD(dept) LOGSTRM(SYSPLEX.)
RACF Commands:
PE + MVSADMIN.LOGR + CLASS(FACILITY) + ID(IBMUSER) + ACC(UPDATE) PE + SYSPLEX.OPERLOG + CLASS(LOGSTRM) + ID(IBMUSER) + ACC(ALTER) PE + SYSPLEX.LOGREC.ALLRECS + CLASS(LOGSTRM) + ID(IBMUSER) + ACC(ALTER)
TSS Equivalent:
TSS PER(IBMUSER) IBMFAC(MVSADMIN.LOGR) ACC(UPDATE) TSS PER(IBMUSER) LOGSTRM(SYSPLEX.OPERLOG) ACC(ALL) TSS PER(IBMUSER) IBMFAC(SYSPLEX.LOGREC.ALLRECS) ACC(ALL)
RACF Commands:
RDEFINE +
FACILITY +
IRR.DIGTCERT.ADD +
UACC(NONE)
RDEFINE +
FACILITY +
IRR.DIGTCERT.ADDRING +
UACC(NONE)
RDEFINE +
FACILITY +
IRR.DIGTCERT.ALTER +
UACC(NONE)
RDEFINE +
FACILITY +
IRR.DIGTCERT.ALTMAP +
UACC(NONE)
RDEFINE +
FACILITY +
IRR.DIGTCERT.CHECKCERT +
UACC(NONE)
RDEFINE +
FACILITY +
IRR.DIGTCERT.CONNECT +
UACC(NONE)
RDEFINE +
FACILITY +
IRR.DIGTCERT.DELETE +
UACC(NONE)
RDEFINE +
FACILITY +
IRR.DIGTCERT.DELMAP +
UACC(NONE)
RDEFINE +
FACILITY +
IRR.DIGTCERT.DELRING +
UACC(NONE)
RDEFINE +
FACILITY +
IRR.DIGTCERT.EXPORT +
UACC(NONE)
RDEFINE +
FACILITY +
IRR.DIGTCERT.EXPORTKEY +
UACC(NONE)
RDEFINE +
FACILITY +
IRR.DIGTCERT.GENCERT +
UACC(NONE)
RDEFINE +
FACILITY +
IRR.DIGTCERT.GENREQ +
UACC(NONE)
RDEFINE +
FACILITY +
IRR.DIGTCERT.LIST +
UACC(NONE)
RDEFINE +
FACILITY +
IRR.DIGTCERT.LISTMAP +
UACC(NONE)
RDEFINE +
FACILITY +
IRR.DIGTCERT.LISTRING +
UACC(NONE)
RDEFINE +
FACILITY +
IRR.DIGTCERT.MAP +
UACC(NONE)
RDEFINE +
FACILITY +
IRR.DIGTCERT.REMOVE +
UACC(NONE)
TSS Equivalent:
TSS ADD(dept) IBMFAC(IRR.DIGT)
RACF Commands:
PE +
IRR.DIGTCERT.ADD +
CLASS(FACILITY) +
ID(*) +
ACC(READ)
PE +
IRR.DIGTCERT.ADD +
CLASS(FACILITY) +
ID(IBMUSER) +
ACC(CONTROL)
PE +
IRR.DIGTCERT.ADDRING +
CLASS(FACILITY) +
ID(*) +
ACC(READ)
PE +
IRR.DIGTCERT.ADDRING +
CLASS(FACILITY) +
ID(IBMUSER) +
ACC(UPDATE)
PE +
IRR.DIGTCERT.ALTER +
CLASS(FACILITY) +
ID(*) +
ACC(READ)
PE +
IRR.DIGTCERT.ALTER +
CLASS(FACILITY) +
ID(IBMUSER) +
ACC(CONTROL)
PE +
IRR.DIGTCERT.ALTMAP +
CLASS(FACILITY) +
ID(*) +
ACC(READ)
PE +
IRR.DIGTCERT.ALTMAP +
CLASS(FACILITY) +
ID(IBMUSER) +
ACC(UPDATE)
PE +
IRR.DIGTCERT.CHECKCERT +
CLASS(FACILITY) +
ID(*) +
ACC(READ)
PE +
IRR.DIGTCERT.CHECKCERT +
CLASS(FACILITY) +
ID(IBMUSER) +
ACC(CONTROL)
PE +
IRR.DIGTCERT.CONNECT +
CLASS(FACILITY) +
ID(*) +
ACC(READ)
PE +
IRR.DIGTCERT.CONNECT +
CLASS(FACILITY) +
ID(IBMUSER) +
ACC(CONTROL)
PE +
IRR.DIGTCERT.DELETE +
CLASS(FACILITY) +
ID(*) +
ACC(READ)
PE +
IRR.DIGTCERT.DELETE +
CLASS(FACILITY) +
ID(IBMUSER) +
ACC(CONTROL)
PE +
IRR.DIGTCERT.DELMAP +
CLASS(FACILITY) +
ID(*) +
ACC(READ)
PE +
IRR.DIGTCERT.DELMAP +
CLASS(FACILITY) +
ID(IBMUSER) +
ACC(UPDATE)
PE +
IRR.DIGTCERT.DELRING +
CLASS(FACILITY) +
ID(*) +
ACC(READ)
PE +
IRR.DIGTCERT.DELRING +
CLASS(FACILITY) +
ID(IBMUSER) +
ACC(UPDATE)
PE +
IRR.DIGTCERT.EXPORT +
CLASS(FACILITY) +
ID(*) +
ACC(READ)
PE +
IRR.DIGTCERT.EXPORT +
CLASS(FACILITY) +
ID(IBMUSER) +
ACC(CONTROL)
PE +
IRR.DIGTCERT.EXPORTKEY +
CLASS(FACILITY) +
ID(*) +
ACC(READ)
PE +
IRR.DIGTCERT.EXPORTKEY +
CLASS(FACILITY) +
ID(IBMUSER) +
ACC(CONTROL)
PE +
IRR.DIGTCERT.GENCERT +
CLASS(FACILITY) +
ID(*) +
ACC(READ)
PE +
IRR.DIGTCERT.GENCERT +
CLASS(FACILITY) +
ID(IBMUSER) +
ACC(CONTROL)
PE +
IRR.DIGTCERT.GENREQ +
CLASS(FACILITY)+
ID(*) +
ACC(READ)
PE +
IRR.DIGTCERT.GENREQ +
CLASS(FACILITY) +
ID(IBMUSER) +
ACC(CONTROL)
PE +
IRR.DIGTCERT.LIST +
CLASS(FACILITY) +
ID(*) +
ACC(READ)
PE +
IRR.DIGTCERT.LIST +
CLASS(FACILITY) +
ID(IBMUSER) +
ACC(CONTROL)
PE +
IRR.DIGTCERT.LISTMAP +
CLASS(FACILITY) +
ID(*) +
ACC(READ)
PE +
IRR.DIGTCERT.LISTMAP +
CLASS(FACILITY) +
ID(IBMUSER) +
ACC(UPDATE)
PE +
IRR.DIGTCERT.LISTRING +
CLASS(FACILITY) +
ID(*) +
ACC(READ)
PE +
IRR.DIGTCERT.LISTRING +
CLASS(FACILITY) +
ID(IBMUSER) +
ACC(UPDATE)
PE +
IRR.DIGTCERT.MAP +
CLASS(FACILITY) +
ID(*) +
ACC(READ)
PE +
IRR.DIGTCERT.MAP +
CLASS(FACILITY) +
ID(IBMUSER) +
ACC(UPDATE)
PE +
IRR.DIGTCERT.REMOVE +
CLASS(FACILITY) +
ID(*) +
ACC(READ)
PE +
IRR.DIGTCERT.REMOVE +
CLASS(FACILITY) +
ID(IBMUSER) +
ACC(CONTROL)
TSS Equivalent:
TSS PER(ALL) IBMFAC(IRR.DIGTCERT.ADD) ACC(READ) TSS PER(IBMUSER) IBMFAC(IRR.DIGTCERT.ADD) ACC(CONTROL) TSS PER(ALL) IBMFAC(IRR.DIGTCERT.ADDRING) ACC(READ) TSS PER(IBMUSER) IBMFAC(IRR.DIGTCERT.ADDRING) ACC(UPDATE) TSS PER(ALL) IBMFAC(IRR.DIGTCERT.ALTER) ACC(READ) TSS PER(IBMUSER) IBMFAC(IRR.DIGTCERT.ALTER) ACC(CONTROL) TSS PER(ALL) IBMFAC(IRR.DIGTCERT.ALTMAP) ACC(READ) TSS PER(IBMUSER) IBMFAC(IRR.DIGTCERT.ALTMAP) ACC(UPDATE) TSS PER(ALL) IBMFAC(IRR.DIGTCERT.CHECKCERT) ACC(READ) TSS PER(IBMUSER) IBMFAC(IRR.DIGTCERT.CHECKCERT) ACC(CONTROL) TSS PER(ALL) IBMFAC(IRR.DIGTCERT.CONNECT) ACC(READ) TSS PER(IBMUSER) IBMFAC(IRR.DIGTCERT.CONNECT) ACC(CONTROL) TSS PER(ALL) IBMFAC(IRR.DIGTCERT.DELETE) ACC(READ) TSS PER(IBMUSER) IBMFAC(IRR.DIGTCERT.DELETE) ACC(CONTROL) TSS PER(ALL) IBMFAC(IRR.DIGTCERT.DELMAP) ACC(READ) TSS PER(IBMUSER) IBMFAC(IRR.DIGTCERT.DELMAP) ACC(UPDATE) TSS PER(ALL) IBMFAC(IRR.DIGTCERT.DELRING) ACC(READ) TSS PER(IBMUSER) IBMFAC(IRR.DIGTCERT.DELRING) ACC(UPDATE) TSS PER(ALL) IBMFAC(IRR.DIGTCERT.EXPORT) ACC(READ) TSS PER(IBMUSER) IBMFAC(IRR.DIGTCERT.EXPORT) ACC(CONTROL) TSS PER(ALL) IBMFAC(IRR.DIGTCERT.EXPORTKEY) ACC(READ) TSS PER(IBMUSER) IBMFAC(IRR.DIGTCERT.EXPORTKEY) ACC(CONTROL) TSS PER(ALL) IBMFAC(IRR.DIGTCERT.GENCERT) ACC(READ) TSS PER(IBMUSER) IBMFAC(IRR.DIGTCERT.GENCERT) ACC(CONTROL) TSS PER(ALL) IBMFAC(IRR.DIGTCERT.GENREQ) ACC(READ) TSS PER(IBMUSER) IBMFAC(IRR.DIGTCERT.GENREQ) ACC(CONTROL) TSS PER(ALL) IBMFAC(IRR.DIGTCERT.LIST) ACC(READ) TSS PER(IBMUSER) IBMFAC(IRR.DIGTCERT.LIST) ACC(CONTROL) TSS PER(ALL) IBMFAC(IRR.DIGTCERT.LISTMAP) ACC(READ) TSS PER(IBMUSER) IBMFAC(IRR.DIGTCERT.LISTMAP) ACC(UPDATE) TSS PER(ALL) IBMFAC(IRR.DIGTCERT.LISTRING) ACC(READ) TSS PER(IBMUSER) IBMFAC(IRR.DIGTCERT.LISTRING) ACC(UPDATE) TSS PER(ALL) IBMFAC(IRR.DIGTCERT.MAP) ACC(READ) TSS PER(IBMUSER) IBMFAC(IRR.DIGTCERT.MAP) ACC(CONTROL) TSS PER(ALL) IBMFAC(IRR.DIGTCERT.REMOVE) ACC(READ) TSS PER(IBMUSER) IBMFAC(IRR.DIGTCERT.REMOVE) ACC(CONTROL)
RACF Commands:
SETROPTS RACLIST(FACILITY +
DIGTCERT +
DIGTCRIT +
DIGTRING +
LOGSTRM +
STARTED +
UNIXPRIV) +
REFRESH
SETROPTS +
RACLIST(STARTED FACILITY LOGSTRM) +
REFRESH
SETROPTS +
GENERIC(*) +
REFRESH
TSS Equivalent:
No TSS equivalent. //NOTOK EXEC PGM=CPPMAXRC,COND=((0,GE),(4000,LT)) /*
Feedback
Yes
No
Powered by
