Profile Selection not working migrating ACF2 to SAF environment.
search cancel

Profile Selection not working migrating ACF2 to SAF environment.

book

Article ID: 278889

calendar_today

Updated On:

Products

TPX - Session Management

Issue/Introduction

When (SMRT option 9) Security System is switched to SAF on an ACF2 environment,
assignment of profiles does not appear to be following ACF2 resource rule validation.

Environment

Release : 5.4
Component : TPX for Z/OS

Cause

Configured the following setting in SMRT but unable to to validate profile for users, when switching to SAF.
Current configuration ... 

Load profiles at startup:      Y
* Dynamic Users Allowed:       Y
* Profile Selection:           PROF
* Resource Class:              PRFCLASS

in ACF2:

Show clasmap
PRFCLASS    TPX    NN          EXT

ACF75052 RESOURCE RULE TST STORED BY XXXXX ON nn/mm/yy-mm:ss
$KEY(TST) TYPE(TPX)
 UID(***USR1) ALLOW
 UID(***USR2) ALLOW

 

Resolution

Recommended (sample) procedure to setup Resource Class for SAF calls,
in particular when changing security system from ACF2 to SAF. 

ACF
INSERT CLASMAP.TPXPROF RESOURCE(TPXPROF) RSRCTYPE(ZTX) ENTITYLN(8)
CHANGE INFODIR TYPES(R-RZTX) ADD
RECKEY MVSPROF3 ADD(UID(TPXQA01) ALLOW)

F ACF2,REFRESH(INFODIR)
F ACF2,REBUILD(ZTX)
F ACF2,REFRESH(CLASMAP)

* Profile Selection:         PROF   
* Resource Class:          TPXPROF

Suggest using RESOURCE CLASS name instead of R-TYPE because of ENTITYLN parameter.

Powered by Wolken Software