Liberty Server Authentication against the AAPLID in Top Secret
Article ID: 377573
Updated On:
Products
Issue/Introduction
RACF commands interpreted to Top Secret to create definitions for CMCI to allow Liberty Server Authentication using the APPLID.
Resolution
RDEFINE SERVER +
BBG.SECPFX.&WUI_APPLID +
UACC(NONE) +
OWNER(&OWNER) +
NOTIFY(&NOTIFY)
TSS ADD(dept) SERVER(BBG.) => May already be done when setting up the Liberty Server.
PERMIT BBG.SECPFX.&WUI_APPLID +
CLASS(SERVER) +
ACCESS(READ) +
ID(&WUI_REGION_USERID)
TSS PERMIT(acid) SERVER(BBG.SECPFX) ACCESS(READ)
/*********************************************************************/
/* Permit users to access the WUI region */
/*********************************************************************/
RDEFINE APPL +
&WUI_APPLID +
UACC(NONE) +
OWNER(&OWNER) +
NOTIFY(&NOTIFY)
TSS ADD(dept) APPL(&WUI)
PERMIT &WUI_APPLID +
CLASS(APPL) +
ACCESS(READ) +
ID(&CMCIUSER_ACCESS_LIST)
TSS PERMIT(acid) APPL(&WUI)
/*********************************************************************/
/* Permit users to access CMCI via EJBROLE */
/*********************************************************************/
RDEFINE EJBROLE +
&PROFILE_PREFIX..CMCI.CMCIUSER +
UACC(NONE) +
NOTIFY(&NOTIFY) +
OWNER(&OWNER)
TSS ADD(dept) EJBROLE(&PROFILE)
PERMIT &PROFILE_PREFIX..CMCI.CMCIUSER +
CLASS(EJBROLE) +
ID(&CMCIUSER_ACCESS_LIST) +
ACCESS(READ)
TSS PERMIT(acid) EJBROLE(&PROFILE) ACCESS(READ)
/*********************************************************************/
/* Permit users to access the programs used by CMCI and GraphQL */
/*********************************************************************/
RDEFINE &PROGRAM_CLASS +
CMCIUSER +
ADDMEM(DFHWUICC,EYU9XDJG) +
UACC(NONE) +
NOTIFY(&NOTIFY) +
OWNER(&OWNER)
TSS ADD(dept) PROGRAM(CMCIUSER)
PERMIT CMCIUSER +
CLASS(&PROGRAM_CLASS) +
ID(&CMCIUSER_ACCESS_LIST) +
ACCESS(READ)
TSS PERMIT(acid) PROGRAM(CMCIUSER)
Feedback
