RACF z/OSMF 2.2 IZUWMSEC ACF2 Equivalent
Article ID: 279785
Updated On:
Products
ACF2 - z/OS
Issue/Introduction
How to convert the RACF z/OSMF 2.2 IZUWMSEC job to ACF2 Commands.
Environment
Resolution
//IZUWMSEC JOB MSGCLASS=C,MSGLEVEL=(1,1),USER=XXXXXXX,NOTIFY=XXXXXXX
//ACFBATCH EXEC PGM=ACFBATCH
//SYSPRINT DD SYSOUT=*
//SYSOUT DD SYSOUT=*
//SYSIN DD *
* /******************************************************************/
* /* This sample JCL intends to help with security setup required */
* /* for z/OSMF Workload Management task. */
* /* */
* /* It consists of three parts: */
* /* Part 1 describes Workload Management dependencies on other */
* /* plugins or features. */
* /* Part 2 describes the required security setup for Workload */
* /* Management itself. */
* /* Part 3 describes the security setup for optional features that*/
* /* can potentially enhance the usability of some Workload */
* /* Management features. */
* /******************************************************************/
*
* /*********************** PART 1 ***********************************/
* /* Please review CFZSEC to setup CIM if CIM is not configured. */
* /******************************************************************/
*
* /*********************** PART 2 ***********************************/
* /* */
* /* Begin "Workload Management" Setup. */
* /* */
*
* /* Define Workload Management facility: */
* /* The following commented command is to be issued only if the */
* /* profile does not exist, it normally would have been created */
* /* during z/OS setup. */
* /* RDEFINE FACILITY MVSADMIN.WLM.POLICY UACC(NONE) */
*
* /* Permit the Workload Management security group: */
* PERMIT MVSADMIN.WLM.POLICY CLASS(FACILITY) ID(WLMGRP) ACCESS(UPDATE)
*
* ACF2 *
SET RESOURCE(FAC)
RECKEY MVSADMIN ADD( WLM.POLICY UID(UID string for WLMGRP) -
SERVICE(UPDATE) ALLOW)
*
* /* Permit the started task user ID to MVSADMIN.WLM.POLICY: */
* PERMIT MVSADMIN.WLM.POLICY CLASS(FACILITY) ID(IZUSVR) ACCESS(READ)
*
* ACF2 *
RECKEY MVSADMIN ADD( WLM.POLICY UID(UID string for IZUSVR) -
SERVICE(READ) ALLOW)
*
* /* Make changes effective: */
* SETROPTS RACLIST(FACILITY) REFRESH
*
* ACF2 *
F ACF2,REBUILD(FAC)
*
* /* Profile Definitions for Workload Management: */
* RDEFINE ZMFAPLA +
* IZUDFLT.ZOSMF.WORKLOAD_MANAGEMENT.WORKLOAD_MANAGEMENT.VIEW +
* UACC(NONE)
* RDEFINE ZMFAPLA +
* IZUDFLT.ZOSMF.WORKLOAD_MANAGEMENT.WORKLOAD_MANAGEMENT.MODIFY +
* UACC(NONE)
* RDEFINE ZMFAPLA +
* IZUDFLT.ZOSMF.WORKLOAD_MANAGEMENT.WORKLOAD_MANAGEMENT.INSTALL +
* UACC(NONE)
*
* /* */
* /* Begin zOSMF User Role Setup. */
* /* */
* /* Permit definitions for Workload Management: */
* PERMIT +
* IZUDFLT.ZOSMF.WORKLOAD_MANAGEMENT.WORKLOAD_MANAGEMENT.VIEW +
* CLASS(ZMFAPLA) ID(IZUUSER) ACCESS(READ)
*
* ACF2 *
SET RESOURCE(ZMF)
RECKEY IZUDFLT ADD( -
ZOSMF.WORKLOAD_MANAGEMENT.WORKLOAD_MANAGEMENT.VIEW -
UID(UID string for IZUUSER) SERVICE(READ) ALLOW)
*
* /* */
* /* End zOSMF User Role Setup. */
* /* */
*
* /* */
* /* Begin zOSMF Administrator Role Setup. */
* /* */
* /* Permit definitions for Workload Management: */
* PERMIT +
* IZUDFLT.ZOSMF.WORKLOAD_MANAGEMENT.WORKLOAD_MANAGEMENT.VIEW +
* CLASS(ZMFAPLA) ID(IZUADMIN) ACCESS(READ)
* PERMIT +
* IZUDFLT.ZOSMF.WORKLOAD_MANAGEMENT.WORKLOAD_MANAGEMENT.MODIFY +
* CLASS(ZMFAPLA) ID(IZUADMIN) ACCESS(READ)
* PERMIT +
* IZUDFLT.ZOSMF.WORKLOAD_MANAGEMENT.WORKLOAD_MANAGEMENT.INSTALL +
* CLASS(ZMFAPLA) ID(IZUADMIN) ACCESS(READ)
*
* ACF2 *
SET RESOURCE(ZMF)
RECKEY IZUDFLT ADD( -
ZOSMF.WORKLOAD_MANAGEMENT.WORKLOAD_MANAGEMENT.VIEW -
UID(UID string for IZUADMIN) SERVICE(READ) ALLOW)
RECKEY IZUDFLT ADD( -
ZOSMF.WORKLOAD_MANAGEMENT.WORKLOAD_MANAGEMENT.MODIFY -
UID(UID string for IZUADMIN) SERVICE(READ) ALLOW)
RECKEY IZUDFLT ADD( -
ZOSMF.WORKLOAD_MANAGEMENT.WORKLOAD_MANAGEMENT.INSTALL -
UID(UID string for IZUADMIN) SERVICE(READ) ALLOW)
*
* /* */
* /* End zOSMF Administrator Role Setup. */
* /* */
*
* /* Need to REFRESH these classes for Roles: */
* SETROPTS RACLIST(ZMFAPLA) REFRESH
*
* ACF2 *
SET CONTROL(GSO)
CHANGE INFODIR TYPES(R-RZMF) ADD
F ACF2,REFRESH(INFODIR)
F ACF2,REFRESH(CLASMAP)
F ACF2,REBUILD(ZMF)
*
* /* */
* /* End "Workload Management" Setup. */
* /* */
* /******************************************************************/
*
* /*********************** PART 3 ***********************************/
* /* Below commented access is only needed when you want to enable */
* /* the IBM Cloud Provisioning and Management for z/OS for zOSMF */
* /* Administrator group. */
* /* */
*
* /* Authorizing users to access the WLM Resource Pooling: */
* /* RDEFINE ZMFAPLA + */
* /* IZUDFLT.ZOSMF.WORKLOAD_MANAGEMENT.WORKLOAD_MANAGEMENT.ENWRP + */
* /* UACC(NONE) */
* /* PERMIT + */
* /* IZUDFLT.ZOSMF.WORKLOAD_MANAGEMENT.WORKLOAD_MANAGEMENT.ENWRP + */
* /* CLASS(ZMFAPLA) ID(IZUADMIN) ACCESS(READ) */
* /* SETROPTS RACLIST(ZMFAPLA) REFRESH */
*
* ACF2 *
SET RESOURCE(ZMF)
RECKEY IZUDFLT ADD( -
ZOSMF.WORKLOAD_MANAGEMENT.WORKLOAD_MANAGEMENT.ENWRP -
UID(UID string for IZUADMIN) SERVICE(READ) ALLOW)
F ACF2,REBUILD(ZMF)
*
* /* Activating the ZMFCLOUD resource class: */
* /* SETROPTS CLASSACT(ZMFCLOUD) GENERIC(ZMFCLOUD) RACLIST(ZMFCLOUD)*/
*
* /* Authorizing users to be WLM administrators for default domain: */
* /* RDEFINE ZMFCLOUD + */
* /* IZUDFLT.ZOSMF.RESOURCE_POOL.WLM.IYU0 UACC(NONE) */
* /* PERMIT + */
* /* IZUDFLT.ZOSMF.RESOURCE_POOL.WLM.IYU0 CLASS(ZMFCLOUD) + */
* /* ID(IZUADMIN) ACCESS(READ) */
* /* SETROPTS RACLIST(ZMFCLOUD) REFRESH */
*
* ACF2 *
SET RESOURCE(ZMC)
RECKEY IZUDFLT ADD( ZOSMF.RESOURCE_POOL.WLM.IYU0 -
UID(UID string for IZUADMIN) SERVICE(READ) ALLOW)
SET CONTROL(GSO)
CHANGE INFODIR TYPES(R-RZMC) ADD
F ACF2,REFRESH(INFODIR)
F ACF2,REFRESH(CLASMAP)
F ACF2,REBUILD(ZMC)
*
* /* Authorizing the started task user ID to perform access checks */
* /* in the ZMFCLOUD class: */
* /* RDEFINE SERVER + */
* /* (BBG.SECCLASS.ZMFCLOUD) UACC(NONE) */
* /* PERMIT + */
* /* BBG.SECCLASS.ZMFCLOUD CLASS(SERVER) ID(IZUSVR) ACCESS(READ) */
* /* SETROPTS RACLIST(SERVER) REFRESH */
* /******************************************************************/
* ACF2 *
SET RESOURCE(SRV)
RECKEY BBG ADD( SECCLASS.ZMFCLOUD UID(UID string for IZUSVR) -
SERVICE(READ) ALLOW)
SET CONTROL(GSO)
INSERT CLASMAP.SERVER RESOURCE(SERVER) RSRCTYPE(SRV)
CHANGE INFODIR TYPES(R-RSRV) ADD
F ACF2,REFRESH(CLASMAP)
F ACF2,REFRESH(INFODIR)
F ACF2,REBUILD(SRV)
*
/*
Feedback
Yes
No
Powered by
