What does the WHEN(CONSOLE(xxxx)) RACF statement correlate to in ACF2?

book

Article ID: 41383

calendar_today

Updated On:

Products

ACF2 ACF2 - DB2 Option ACF2 for zVM ACF2 - z/OS ACF2 - MISC PanApt PanAudit

Issue/Introduction

Question:

What does the WHEN(CONSOLE(xxxx)) RACF statement correlate to in ACF2?  I have seen this for SDSF, JMON, and EJES.

 

Answer:

IBM updates the POE (Port Of Entry)  of the token of the call with the name in the WHEN statement.  To ACF2, the POE is the Source.  So for SDSF and JMON, the rule lines would look like this:

RACF STATEMENT>> PERMIT CLASS(OPERCMDS) JES2.** ID(*) ACCESS(CONTROL) WHEN(CONSOLE(SDSF))                                  

>> $KEY(JES2) TYPE(OPR)

     - UID(uid string of allowed users) SERVICE(DELETE) ALLOW SOURCE(SDSF)

 

RACF statement>> PERMIT JES%.** CLASS(OPERCMDS)  ID(*) ACCESS(UPDATE) WHEN(CONSOLE(JMON))                                  

>> $KEY(JES%) TYPE(OPR)

     - UID(uid string of allowed users) SERVICE(UPDATE) ALLOW SOURCE(JMON)

 

RACF STATEMENT >> PERMIT  CLASS(OPERCMDS) JES3.** ID(*) ACCESS(UPDATE) WHEN(CONSOLE(EJES)) 

>> $KEY(JES3) TYPE(OPR)

     - UID(uid string of allowed users) SERVICE(UPDATE) ALLOW SOURCE(EJES)                                  

Environment

Release:
Component: ACF2MS