We have 2 CA7s running within a SYSPLEX, and want to convert them to use external security. However, the 2 different instances have different RACF requirements, and I cannot find anywhere in the documentation that explains if it is possible to have different RACF definitions between them.
You can set up different security definitions for different CA 7s by using the PCLASS (and possibly RCLASS) keywords on the SECURITY statement in the initialization file.
PCLASS is the class used for resource calls and defaults to [email protected] (for RACF) and PANEL for ACF2 and Top Secret. You can use a different PCLASS--for example, if you use [email protected] (RACF) or PCLASS=TANEL (for ACF2 or Top Secret) for one of your 7's and then you tried to access the DEMAND command from that CA 7 a call is made to external security to see if permission is given for resource name L2QPDMND under the class defined on the PCLASS=. If you try to access the DEMAND command from the CA 7 without the PCLASS= then the call is made to external security checking for permission to the same resource name, but under the PCLASS (default) class.
If you use UID security, you may want to also use the RCLASS keyword which can change the class used when making calls for UID checking.
As always, please contact CA Technologies support for CA 7 if you have further questions.