Does CA ACF2 support IBM ENF SIGNAL TYPE 71?

book

Article ID: 39832

calendar_today

Updated On:

Products

CA ACF2 CA ACF2 - DB2 Option CA ACF2 for zVM CA ACF2 - z/OS CA ACF2 - MISC CA PanApt CA PanAudit

Issue/Introduction

Question:

Does CA ACF2 support IBM ENF SIGNAL TYPE 71?

 

Description:

In z/OS 1.11, IBM added an ENF 71 signal for support of z/OS Identity  

propagation. In z/OS 2.1 (and rolling back to z/OS 1.13), IBM          

expanded the ENF 71 signaling capability in RACF to allow listeners,   

such as CICS and DB2, to take actions based on this signal.            

The ENF 71 signal is issued to alert listeners to a possible change in 

a user's or group's authorizations to resources.                       

                                                                       

In RACF, an ENF 71 signal is sent when any of the following RACF       

commands is issued on a z/OS 2.1 system (ENF 71 plist is version 2):   

                                                                       

- ALTUSER...REVOKE (added at z/OS 1.11 level for CICS ENF support)     

- DELUSER          (added at z/OS 1.11 level for CICS ENF support)     

- CONNECT          (added at z/OS 2.1/1.13 levels for DB2 ENF support) 

- REMOVE           (added at z/OS 2.1/1.13 levels for DB2 ENF support) 

- DELGROUP         (added at z/OS 2.1/1.13 levels for DB2 ENF support) 

                                                                       

In addition, RACF ENF 71 support includes the following:               

                                                                       

- The Group ID is added to the ENF 71 signal issued when               

  CONNECT, REMOVE and DELGROUP commands are issued.                    

                                                                       

- The CONNECT command enables a control flag to indicate whether       

  it is a CONNECT REVOKE, for additional granularity.                  

 

Answer:

CA ACF2 Added support in release 15.0 with ptf RO61511, which carries

through to subsequent releases without maintenance.

 

CA ACF2 will support ENF 71 signaling for some ENF-qualifying events. 

CA ACF2 will ensure that listeners for ENF 71, such as CICS and       

DB2, receive correct and expected information in the signal issued    

by CA ACF2 and are able to take proper actions based on the signal.   

 

In CA ACF2, an ENF 71 signal is automatically sent when any of the     

following commands is issued:                                          

                                                                       

- CHANGE {LIKE(lid-mask) | lid } SUSPEND (RACF ALTUSER REVOKE command) 

- CHANGE {LIKE(lid-mask) | lid } CANCEL  (RACF ALTUSER REVOKE command) 

- DELETE {LIKE(lid-mask) | lid           (RACF DELUSER command)        

 

Environment

Release:
Component: ACF2MS