Multiple CA 7s Using Different External Security

book

Article ID: 39760

calendar_today

Updated On:

Products

CA Workload Automation CA 7 Edition CA-7 JOB MGMT CA 7 Workload Automation

Issue/Introduction

Issue: 

We have 2 CA7s running within a SYSPLEX, and want to convert them to use external security. However, the 2 different instances have different RACF requirements, and I cannot find anywhere in the documentation that explains if it is possible to have different RACF definitions between them.

Resolution:

You can set up different security definitions for different CA 7s by using the PCLASS (and possibly RCLASS) keywords on the SECURITY statement in the initialization file. 

PCLASS is the class used for resource calls and defaults to [email protected] (for RACF) and PANEL for ACF2 and Top Secret. You can use a different PCLASS--for example, if you use [email protected] (RACF) or PCLASS=TANEL (for ACF2 or Top Secret) for one of your 7's and then you tried to access the DEMAND command from that CA 7 a call is made to external security to see if permission is given for resource name L2QPDMND under the class defined on the PCLASS=. If you try to access the DEMAND command from the CA 7 without the PCLASS= then the call is made to external security checking for permission to the same resource name, but under the PCLASS (default) class. 

If you use UID security, you may want to also use the RCLASS keyword which can change the class used when making calls for UID checking. 

Additional Information:

As always, please contact CA Technologies support for CA 7 if you have further questions.

 

 

Environment

Release:
Component: 7