BMC connector for Venafi ACF2 security configuration

Article ID: 417013


Products

ACF2 - z/OS

Issue/Introduction

Is there a sample ACF2 security configuration for BMC connector for Venafi?

Resolution

The following sample ACFBATCH job provides resource rules for BMC connector for Venafi.

//ACFBATCH EXEC PGM=ACFBATCH
//* EC Venafi ACF2 
//SYSPRINT DD SYSOUT=*      
//SYSIN    DD *             
* BMC AMI SECURITY POLICY MANAGER
SET RESOURCE(FAC)                                               
RECKEY RSM ADD($USERDATA(BMC AMI SECURITY POLICY MANAGER))      
RECKEY RSM ADD(RSS.ALLOWIN UID(<USERID>) SERVICE(READ) ALLOW)     
RECKEY RSM ADD(RSS.TOOLS UID(<USERID>) SERVICE(READ) ALLOW)     
RECKEY RSM ADD(RSS.SPM UID(<USERID>) SERVICE(READ) ALLOW)       
RECKEY RSM ADD(RSS.BATCH UID(<USERID>) SERVICE(READ) ALLOW)     
RECKEY RSM ADD(RSS.VENAFI UID(XXX) SERVICE(READ) ALLOW -        
 DATA(VENAFI WEB INTERFACE ACCESS))                             
* BMC AMI Security Policy Manager
RECKEY BMC ADD($USERDATA(BMC AMI Security Policy Manager))
RECKEY BMC ADD(RSS.SPMCOMP  UID(<userID>) SERVICE(UPDATE) ALLOW)
RECKEY BMC ADD(RSS.SPMCOMP  UID(<userID>) SERVICE(READ) ALLOW)
RECKEY BMC ADD(RSS.SPMIMPRT UID(<userID>) SERVICE(READ) ALLOW)
RECKEY BMC ADD(RSS.SPM      UID(<userID>) SERVICE(READ) ALLOW)
RECKEY BMC ADD(RSS.UICERT UID(<userID>) SERVICE(READ) ALLOW -
 DATA(EC Venafi UI to create new certificates))
F ACF2,REBUILD(FAC)
* The EC for Venafi agent address space access 
SET RESOURCE(AUT)
RECKEY ACFCMD ADD(DIGTCERT.CHKCERT USER(<USERID>) -     
  SERVICE(READ,UPDATE,DELETE) ALLOW)                    
RECKEY ACFCMD ADD(DIGTCERT.CONNECT USER(<USERID>) -     
  SERVICE(READ,UPDATE,DELETE) ALLOW)                    
RECKEY ACFCMD ADD(DIGTCERT.EXPORT USER(<USERID>) -      
 SERVICE(READ,UPDATE,DELETE) ALLOW)                     
RECKEY ACFCMD ADD(DIGTCERT.GENCERT USER(<USERID>) -     
 SERVICE(READ,UPDATE,DELETE) ALLOW)                     
RECKEY ACFCMD ADD(DIGTCERT.GENREQ USER(<USERID>) -      
 SERVICE(READ,UPDATE,DELETE) ALLOW)                     
RECKEY ACFCMD ADD(DIGTCERT.REKEY USER(<USERID>) -       
 SERVICE(READ,UPDATE,DELETE) ALLOW)                     
RECKEY ACFCMD ADD(DIGTCERT.ADD USER(<USERID>) -         
 SERVICE(READ,UPDATE,DELETE) ALLOW)                     
RECKEY ACFCMD ADD(DIGTCERT.ADDRING USER(<USERID>) -     
 SERVICE(READ,UPDATE,DELETE) ALLOW)                     
RECKEY ACFCMD ADD(DIGTCERT.ALTER USER(<USERID>) -       
 SERVICE(READ,UPDATE,DELETE) ALLOW)                     
RECKEY ACFCMD ADD(DIGTCERT.LIST USER(<USERID>) -        
 SERVICE(READ,UPDATE,DELETE) ALLOW)                     
RECKEY ACFCMD ADD(DIGTCERT.LISTRING USER(<USERID>) -    
 SERVICE(READ,UPDATE,DELETE) ALLOW)                     
RECKEY ACFCMD ADD(DIGTCERT.DELETE USER(<USERID>) -      
 SERVICE(READ,UPDATE,DELETE) ALLOW)                     
RECKEY ACFCMD ADD(DIGTCERT.DELRING USER(<USERID>) -     
 SERVICE(READ,UPDATE,DELETE) ALLOW)                     
F ACF2,REBUILD(AUT)                                     
/*
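
A pre-submit check for a job like the one above, added here as an example (it is not part of the original article or of any BMC or Broadcom tooling): it joins continued lines, extracts each rule's resource, ID and services, and reports IDs that still look like placeholders as well as rules granting UPDATE or DELETE. The function names, the sample user ID VENAGT and the treatment of XXX as a placeholder are assumptions.

```python
import re

# Constructed sample in the shape of the job above; VENAGT is a made-up user ID.
SAMPLE_SYSIN = """\
SET RESOURCE(FAC)
RECKEY RSM ADD($USERDATA(BMC AMI SECURITY POLICY MANAGER))
RECKEY RSM ADD(RSS.SPM UID(<USERID>) SERVICE(READ) ALLOW)
RECKEY RSM ADD(RSS.VENAFI UID(XXX) SERVICE(READ) ALLOW -
 DATA(VENAFI WEB INTERFACE ACCESS))
SET RESOURCE(AUT)
RECKEY ACFCMD ADD(DIGTCERT.GENCERT USER(VENAGT) -
  SERVICE(READ,UPDATE,DELETE) ALLOW)
"""

# Matches rule lines that carry a UID(...) or USER(...) and a SERVICE(...) list.
RULE = re.compile(r"RECKEY\s+(\S+)\s+ADD\(\s*(\S+)\s+(?:UID|USER)\(([^)]*)\)"
                  r".*?SERVICE\(([^)]*)\)", re.I)

def statements(text):
    """Yield logical statements: skip '*' comments, join lines ending in '-'."""
    buf = ""
    for line in map(str.strip, text.splitlines()):
        if not line or line.startswith("*"):
            continue
        if line.endswith("-"):
            buf += line[:-1].rstrip() + " "
            continue
        yield buf + line
        buf = ""

def parse_rules(text):
    """Return one dict per access rule, tagged with the active resource type."""
    rtype, rules = None, []
    for stmt in statements(text):
        if m := re.match(r"SET\s+RESOURCE\((\w+)\)", stmt, re.I):
            rtype = m.group(1).upper()
        elif m := RULE.match(stmt):
            key, res, who, svc = m.groups()
            rules.append({"type": rtype, "key": key, "resource": res, "id": who.strip(),
                          "services": [s.strip().upper() for s in svc.split(",")]})
    return rules

# Assumption: <...> values and the literal XXX are unfilled placeholders.
def findings(rules, placeholders=("XXX",)):
    out = []
    for r in rules:
        if re.fullmatch(r"<.*>", r["id"]) or r["id"].upper() in placeholders:
            out.append(("placeholder-id", r["resource"]))
        if {"UPDATE", "DELETE"} & set(r["services"]):
            out.append(("write-access", r["resource"]))
    return out
```

Running `findings(parse_rules(...))` over the SYSIN text before submitting the job gives a short list to review: rules whose ID was never filled in, and the resources where the ID receives more than READ.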