What are ACF2 equivalent security setup statements for the IBM resource class $OMCANDL?
The IBM RACF security setup commands for the IBM resource class $OMCANDL are as follows.
RDEF $OMCANDL RCMD UACC(NONE) OWNER(GSS)
DATA('ROUTES MVS AND JES2 COMMANDS TO A DESIRED SYSTEM IN A SYSP-
PE RCMD CLASS($OMCANDL) ID(@GZSJR) ACCESS(READ)
PE RCMD CLASS($OMCANDL) ID(@GZSSR) ACCESS(READ)
PE RCMD CLASS($OMCANDL) ID(@ZGZS01) ACCESS(READ)
SETROPTS RACLIST ($OMCANDL) REFRESH
Where a resource is not protected by default, RDEFINE is used in RACF to define
resources. There is no counterpart to this in CA ACF2. CA ACF2 uses a default
protection scheme, which assumes that the resource is protected.
There is no internal CLASMAP record for the resource class $OMCANDL, so by default
when no matching CLASMAP record is found during validation, CA ACF2 uses the first
three characters of the resource class as the resource type, which would be $OM in
this case. The three-character resource type code can let you write specific resource
rules to validate security calls for a specified class.
To use a different resource type code for a resource class other than $OM, you can
insert a CLASMAP record specifically for resource class $OMCANDL. For example, to
change the type code for resource class $OMCANDL from $OM to OMC, insert the following
INSERT CLASMAP.omc RESOURCE($OMCANDL) RSRCTYPE(OMC)
* Note than any three character TYPE code can be used to fit a site's requirements.
If a GSO CLASMAP record is created as described above equivalent ACF2 resource
rules can be written for TYPE(OMC) as shown in the following example.
RECKEY RCMD ADD( UID(UID string for @USER1) -
RECKEY RCMD ADD( UID(UID string for @USER2) -
RECKEY RCMD ADD( UID(UID string for @ZUSER3) -