I have the CFT/MVS product from vendor Sopra that has RACF setup definitions for external security. Is there is an ACF2 equivalent setup available?
Article ID: 50641
Updated On:
Products
ACF2
ACF2 - DB2 Option
ACF2 for zVM
ACF2 - z/OS
ACF2 - MISC
PanApt
PanAudit
Issue/Introduction
I have the CFT/MVS product from vendor Sopra that has RACF setup definitions for external security. Is there is an ACF2 equivalent setup available?
Environment
Release:
Component: ACF2MS
Component: ACF2MS
Resolution
There is a CA ACF2 Equivalent for the RACF setup available for the (CFT)Cross File Transfer product.
The CA ACF2 setup in the form of a batch job with embedded comments and instructions follow.
//ACF2CFT JOB //*============================================================= //* //* A C F 2 C F T //* //*============================================================= //* //* LICENSE: THIS CODE IS PART OF THE CA-ACF2 SYSTEM, //* A LICENSED PROGRAM PRODUCT OF CA. //* Copyright (C) 2007 CA. All rights reserved. //* //*============================================================= //* //* This is a sample job which provides the eTrust CA-ACF2 //* commands for Cross File Transfer(CFT) Release 2.3 setup in an //* eTrust CA-ACF2 secured environment. The following job steps //* correspond to the steps in the CFT Cross File Transfer(CFT) //* Release 2.3 documentation in appendix B and E. //* //* JOB STEP SUMMARY //* //* Step 1 H83SAFDA : TO CREATE GROUPS AND USERS //* Step 2 H84SAFDF : TO CREATE CFT GENERAL RESOURCE CLASS //* Step 3 H85SAFPR : TO Create Resource Rules //* Step 4 H83SAFAS : TO CREATE DATASET ACCESS RULES //* Step 5 H89SAFAU : Protecting CFT objects //* //*============================================================= //* NOTES: //* ------ //* 1) Please read through the comments carefully before //* running this job to determine what commands will be //* needed to setup your own customized environment. //* //* 2) All steps have been coded with PGM=IKJEFT01 //* //* 3) All steps should finish with a return code of zero. //* //* 4) Please review the results of this job carefully. //* //* 5) The CFT documentation creates six groups. The rules //* in this sample job have these groups coded in the ACF2 //* UID string. The UID string should be changed to meet //* your site standards. A rule entry with a UID string //* for any logonid that needs to be associated with these //* groups should be added in place of the rule entry that //* specifies the group. //* //* The six CFT groups are: //* //* GRPCFT CFT Administrator Group //* GRPMON CFT Monitor Group //* GRPAPRM CFT All Parameters Group //* GRPFPRM CFT File Parameters Group //* GRPDESK CFT Help Desk Group //* GRPTRF CFT Transfer Group //* //* For example, if logonid USER123 is associated with the //* group GRPDESK, the following RECKEY command for GRPDESK //* would either be replaced or an additional rule entry added //* for USER123: //* //* Rule entry for group GRPDESK: //* //* RECKEY SWT_LOG ADD( - UID(UID for GRPDESK) SERVICE(DELETE) ALLOW) //* //* New/replacement rule entry for USER123 //* //* RECKEY SWT_LOG ADD( - UID(UID for USER123) SERVICE(DELETE) ALLOW) //* //* //* This batch job is provided for your convenience. Documentation //* on the ACF commands used in this job can be found in the //* CA-ACF2 Security for z/OS Administrators Guide. //* //*============================================================= //* Step 1 H83SAFDA : TO CREATE GROUPS AND USERS Page B-1 //*============================================================= //* //H83SAFDA EXEC PGM=IKJEFT01,REGION=0K //SYSPRINT DD SYSOUT=* //SYSTSPRT DD SYSOUT=* //SYSUDUMP DD SYSOUT=* //SYSTSIN DD * ACF * Group and user profiles * dataset profiles SET RULE RECKEY CFTV2 ADD( - UID(UID GRPCFT) WRITE(A)) RECKEY CFTV2 ADD( - UID(UID ADMCFT) WRITE(A)) * Add CFT administrator * ADD USER THAT WILL START THE MONITOR (USER OF START TASK) * ADD USER THAT WILL BE THE OWNER OF THE DEFAULT LOCAL APPLICATION * ** * ** NOTE: PASSWORD is required if GSO PSWD PSWDREQ is specified * ** SET LID INSERT ADMCFT GROUP(GRPCFT) NAME(CFT ADMINISTRATOR) PASSWORD(pppppppp) INSERT USERMON GROUP(GRPMON) NAME(CFT MONITOR USER) STC INSERT USERDEF GROUP(GRPTRF) NAME(CFT TRANSFER USER) PASSWORD(pppppppp) //* //*============================================================= //* Step 2 H84SAFDF : TO CREATE CFT GENERAL RESOURCE CLASS Page B-2 //*============================================================= //* //H84SAFDF EXEC PGM=IKJEFT01,REGION=0K //SYSPRINT DD SYSOUT=* //SYSTSPRT DD SYSOUT=* //SYSUDUMP DD SYSOUT=* //SYSTSIN DD * ACF * Parameter command definitions * Partner Command definitions * CFT Command definitions * Operator Command Definitions * APPL definitions * VFM File definitions * Transfer definitions * Message Definitions SET CONTROL(GSO) * ** * ** NOTE: Adapt POSIT number to your installation needs. * ** INSERT CLASMAP.cft RESOURCE(safcftcl) RSRCTYPE(CFT) ENTITYLN(246) - POSIT(25) CHANGE INFODIR TYPES(R-RCFT) ADD F ACF2,REFRESH(CLASMAP) F ACF2,REFRESH(INFODIR) //* //*============================================================= //* Step 3 H85SAFPR : TO Create Resource Rules Page B-3 //*============================================================= //* //H85SAFPR EXEC PGM=IKJEFT01,REGION=0K //SYSPRINT DD SYSOUT=* //SYSTSPRT DD SYSOUT=* //SYSUDUMP DD SYSOUT=* //SYSTSIN DD * ACF * * H85SAFPR : TO Create Resource Rules Page B-3 * SET RESOURCE(CFT) RECKEY CFTACCNT ADD( - UID(UID for GRPCFT) SERVICE(DELETE) ALLOW) RECKEY CFTACCNT ADD( - UID(UID for ADMCFT) SERVICE(DELETE) ALLOW) RECKEY CFTACCNT ADD( - UID(UID for GRPAPRM) SERVICE(DELETE) ALLOW) RECKEY CFTCAT ADD( - UID(UID for GRPCFT) SERVICE(DELETE) ALLOW) RECKEY CFTCAT ADD( - UID(UID for ADMCFT) SERVICE(DELETE) ALLOW) RECKEY CFTCAT ADD( - UID(UID for GRPAPRM) SERVICE(DELETE) ALLOW) RECKEY CFTCOM ADD( - UID(UID for GRPCFT) SERVICE(DELETE) ALLOW) RECKEY CFTCOM ADD( - UID(UID for ADMCFT) SERVICE(DELETE) ALLOW) RECKEY CFTCOM ADD( - UID(UID for GRPAPRM) SERVICE(DELETE) ALLOW) RECKEY CFTLOG ADD( - UID(UID for GRPCFT) SERVICE(DELETE) ALLOW) RECKEY CFTLOG ADD( - UID(UID for ADMCFT) SERVICE(DELETE) ALLOW) RECKEY CFTLOG ADD( - UID(UID for GRPAPRM) SERVICE(DELETE) ALLOW) RECKEY CFTNET ADD( - UID(UID for GRPCFT) SERVICE(DELETE) ALLOW) RECKEY CFTNET ADD( - UID(UID for ADMCFT) SERVICE(DELETE) ALLOW) RECKEY CFTNET ADD( - UID(UID for GRPAPRM) SERVICE(DELETE) ALLOW) RECKEY CFTPARM ADD( - UID(UID for GRPCFT) SERVICE(DELETE) ALLOW) RECKEY CFTPARM ADD( - UID(UID for ADMCFT) SERVICE(DELETE) ALLOW) RECKEY CFTPARM ADD( - UID(UID for GRPAPRM) SERVICE(DELETE) ALLOW) RECKEY CFTPROT ADD( - UID(UID for GRPCFT) SERVICE(DELETE) ALLOW) RECKEY CFTPROT ADD( - UID(UID for ADMCFT) SERVICE(DELETE) ALLOW) RECKEY CFTPROT ADD( - UID(UID for GRPAPRM) SERVICE(DELETE) ALLOW) RECKEY CFTAUTH ADD( - UID(UID for GRPCFT) SERVICE(DELETE) ALLOW) RECKEY CFTAUTH ADD( - UID(UID for ADMCFT) SERVICE(DELETE) ALLOW) RECKEY CFTAUTH ADD( - UID(UID for GRPAPRM) SERVICE(DELETE) ALLOW) RECKEY CFTEXIT ADD( - UID(UID for GRPCFT) SERVICE(DELETE) ALLOW) RECKEY CFTEXIT ADD( - UID(UID for ADMCFT) SERVICE(DELETE) ALLOW) RECKEY CFTEXIT ADD( - UID(UID for GRPAPRM) SERVICE(DELETE) ALLOW) RECKEY CFTRECV ADD( - UID(UID for GRPCFT) SERVICE(DELETE) ALLOW) RECKEY CFTRECV ADD( - UID(UID for ADMCFT) SERVICE(DELETE) ALLOW) RECKEY CFTRECV ADD( - UID(UID for GRPAPRM) SERVICE(DELETE) ALLOW) RECKEY CFTSEND ADD( - UID(UID for GRPCFT) SERVICE(DELETE) ALLOW) RECKEY CFTSEND ADD( - UID(UID for ADMCFT) SERVICE(DELETE) ALLOW) RECKEY CFTSEND ADD( - UID(UID for GRPAPRM) SERVICE(DELETE) ALLOW) RECKEY CFTSENDI ADD( - UID(UID for GRPCFT) SERVICE(DELETE) ALLOW) RECKEY CFTSENDI ADD( - UID(UID for ADMCFT) SERVICE(DELETE) ALLOW) RECKEY CFTSENDI ADD( - UID(UID for GRPAPRM) SERVICE(DELETE) ALLOW) RECKEY CFTXLATE ADD( - UID(UID for GRPCFT) SERVICE(DELETE) ALLOW) RECKEY CFTXLATE ADD( - UID(UID for ADMCFT) SERVICE(DELETE) ALLOW) RECKEY CFTXLATE ADD( - UID(UID for GRPAPRM) SERVICE(DELETE) ALLOW) RECKEY CFTIDF ADD( - UID(UID for GRPCFT) SERVICE(DELETE) ALLOW) RECKEY CFTIDF ADD( - UID(UID for ADMCFT) SERVICE(DELETE) ALLOW) RECKEY CFTIDF ADD( - UID(UID for GRPAPRM) SERVICE(DELETE) ALLOW) RECKEY CFTETB ADD( - UID(UID for GRPCFT) SERVICE(DELETE) ALLOW) RECKEY CFTETB ADD( - UID(UID for ADMCFT) SERVICE(DELETE) ALLOW) RECKEY CFTETB ADD( - UID(UID for GRPAPRM) SERVICE(DELETE) ALLOW) * Partner command definitions RECKEY CFTPART ADD( - UID(UID for GRPCFT) SERVICE(DELETE) ALLOW) RECKEY CFTPART ADD( - UID(UID for ADMCFT) SERVICE(DELETE) ALLOW) RECKEY CFTPART ADD( - UID(UID for GRPAPRM) SERVICE(DELETE) ALLOW) RECKEY CFTX25 ADD( - UID(UID for GRPCFT) SERVICE(DELETE) ALLOW) RECKEY CFTX25 ADD( - UID(UID for ADMCFT) SERVICE(DELETE) ALLOW) RECKEY CFTX25 ADD( - UID(UID for GRPAPRM) SERVICE(DELETE) ALLOW) RECKEY CFTTCP ADD( - UID(UID for GRPCFT) SERVICE(DELETE) ALLOW) RECKEY CFTTCP ADD( - UID(UID for ADMCFT) SERVICE(DELETE) ALLOW) RECKEY CFTTCP ADD( - UID(UID for GRPAPRM) SERVICE(DELETE) ALLOW) RECKEY CFTLU62 ADD( - UID(UID for GRPCFT) SERVICE(DELETE) ALLOW) RECKEY CFTLU62 ADD( - UID(UID for ADMCFT) SERVICE(DELETE) ALLOW) RECKEY CFTLU62 ADD( - UID(UID for GRPAPRM) SERVICE(DELETE) ALLOW) RECKEY CFTSNA ADD( - UID(UID for GRPCFT) SERVICE(DELETE) ALLOW) RECKEY CFTSNA ADD( - UID(UID for ADMCFT) SERVICE(DELETE) ALLOW) RECKEY CFTSNA ADD( - UID(UID for GRPAPRM) SERVICE(DELETE) ALLOW) RECKEY CFTDEST ADD( - UID(UID for GRPCFT) SERVICE(DELETE) ALLOW) RECKEY CFTDEST ADD( - UID(UID for ADMCFT) SERVICE(DELETE) ALLOW) RECKEY CFTDEST ADD( - UID(UID for GRPAPRM) SERVICE(DELETE) ALLOW) * CFT command definitions RECKEY SHUT ADD( - UID(UID for GRPCFT) SERVICE(DELETE) ALLOW) RECKEY SHUT ADD( - UID(UID for ADMCFT) SERVICE(DELETE) ALLOW) RECKEY SHUT ADD( - UID(UID for GRPDESK) SERVICE(DELETE) ALLOW) RECKEY SWT_LOG ADD( - UID(UID for GRPCFT) SERVICE(DELETE) ALLOW) RECKEY SWT_LOG ADD( - UID(UID for ADMCFT) SERVICE(DELETE) ALLOW) RECKEY SWT_LOG ADD( - UID(UID for GRPDESK) SERVICE(DELETE) ALLOW) RECKEY SWT_ACNT ADD( - UID(UID for GRPCFT) SERVICE(DELETE) ALLOW) RECKEY SWT_ACNT ADD( - UID(UID for ADMCFT) SERVICE(DELETE) ALLOW) RECKEY SWT_ACNT ADD( - UID(UID for GRPDESK) SERVICE(DELETE) ALLOW) RECKEY INACT ADD( - UID(UID for GRPCFT) SERVICE(DELETE) ALLOW) RECKEY INACT ADD( - UID(UID for ADMCFT) SERVICE(DELETE) ALLOW) RECKEY INACT ADD( - UID(UID for GRPDESK) SERVICE(DELETE) ALLOW) RECKEY ACT ADD( - UID(UID for GRPCFT) SERVICE(DELETE) ALLOW) RECKEY ACT ADD( - UID(UID for ADMCFT) SERVICE(DELETE) ALLOW) RECKEY ACT ADD( - UID(UID for GRPDESK) SERVICE(DELETE) ALLOW) RECKEY MQUERY ADD( - UID(UID for GRPCFT) SERVICE(DELETE) ALLOW) RECKEY MQUERY ADD( - UID(UID for ADMCFT) SERVICE(DELETE) ALLOW) RECKEY MQUERY ADD( - UID(UID for GRPDESK) SERVICE(DELETE) ALLOW) * Operator command definitions RECKEY ALL_CAT ADD( - UID(UID for GRPCFT) SERVICE(DELETE) ALLOW) RECKEY ALL_CAT ADD( - UID(UID for ADMCFT) SERVICE(DELETE) ALLOW) RECKEY ALL_CAT ADD( - UID(UID for GRPDESK) SERVICE(DELETE) ALLOW) RECKEY ALL_COM ADD( - UID(UID for GRPCFT) SERVICE(DELETE) ALLOW) RECKEY ALL_COM ADD( - UID(UID for ADMCFT) SERVICE(DELETE) ALLOW) RECKEY ALL_COM ADD( - UID(UID for GRPDESK) SERVICE(DELETE) ALLOW) RECKEY ALL_PARM ADD( - UID(UID for GRPCFT) SERVICE(DELETE) ALLOW) RECKEY ALL_PARM ADD( - UID(UID for ADMCFT) SERVICE(DELETE) ALLOW) RECKEY ALL_PARM ADD( - UID(UID for GRPDESK) SERVICE(DELETE) ALLOW) RECKEY ALL_PART ADD( - UID(UID for GRPCFT) SERVICE(DELETE) ALLOW) RECKEY ALL_PART ADD( - UID(UID for ADMCFT) SERVICE(DELETE) ALLOW) RECKEY ALL_PART ADD( - UID(UID for GRPDESK) SERVICE(DELETE) ALLOW) * APPL command definitions RECKEY APPL ADD( - UID(UID for GRPCFT) SERVICE(DELETE) ALLOW) RECKEY APPL ADD( - UID(UID for ADMCFT) SERVICE(DELETE) ALLOW) * Transfer definitions RECKEY TRANSFER ADD( - UID(UID for GRPCFT) SERVICE(DELETE) ALLOW) RECKEY TRANSFER ADD( - UID(UID for ADMCFT) SERVICE(DELETE) ALLOW) RECKEY COMMUT ADD( - UID(UID for GRPCFT) SERVICE(DELETE) ALLOW) RECKEY COMMUT ADD( - UID(UID for ADMCFT) SERVICE(DELETE) ALLOW) * Message definitions RECKEY MESSAGE ADD( - UID(UID for GRPCFT) SERVICE(DELETE) ALLOW) RECKEY MESSAGE ADD( - UID(UID for ADMCFT) SERVICE(DELETE) ALLOW) * VFM file definitions RECKEY VFMFILE ADD( - UID(UID for GRPCFT) SERVICE(DELETE) ALLOW) RECKEY VFMFILE ADD( - UID(UID for ADMCFT) SERVICE(DELETE) ALLOW) RECKEY VFMFILE ADD( - UID(UID for GRPMON) SERVICE(DELETE) ALLOW) RECKEY VFMFILE ADD( - UID(UID for USERMON) SERVICE(DELETE) ALLOW) RECKEY ALL_VFM ADD( - UID(UID for GRPCFT) SERVICE(DELETE) ALLOW) RECKEY ALL_VFM ADD( - UID(UID for ADMCFT) SERVICE(DELETE) ALLOW) RECKEY ALL_VFM ADD( - UID(UID for GRPMON) SERVICE(DELETE) ALLOW) RECKEY ALL_VFM ADD( - UID(UID for USERMON) SERVICE(DELETE) ALLOW) F ACF2,REBUILD(CFT) //* //*============================================================= //* Step 4 H83SAFAS : TO CREATE DATASET ACCESS RULES E-6 //*============================================================= //H83SAFAS EXEC PGM=IKJEFT01,REGION=0K //SYSPRINT DD SYSOUT=* //SYSTSPRT DD SYSOUT=* //SYSUDUMP DD SYSOUT=* //SYSTSIN DD * ACF SET RULE RECKEY CFTV2 ADD( - UID(UID for GRPCFT) ALLOCATE(A)) RECKEY CFTV2 ADD( - UID(UID for ADMCFT) ALLOCATE(A)) RECKEY CFTV2 ADD( - UID(UID for GRPMON) READ(A)) RECKEY CFTV2 ADD( - UID(UID for USERMON) READ(A)) RECKEY CFTV2 ADD( - UID(UID for GRPAPRM) READ(A)) RECKEY CFTV2 ADD( - UID(UID for GRPFPRM) READ(A)) RECKEY CFTV2 ADD( - UID(UID for GRPDESK) READ(A)) RECKEY CFTV2 ADD( - UID(UID for GRPTRF) READ(A)) RECKEY CFTV2 ADD( - UID(UID for USERDEF) READ(A)) RECKEY CFTV2 ADD( load UID(UID for GRPCFT) ALLOCATE(A)) RECKEY CFTV2 ADD( load UID(UID for ADMCFT) ALLOCATE(A)) RECKEY CFTV2 ADD( load UID(UID for GRPMON) READ(A)) RECKEY CFTV2 ADD( load UID(UID for USERMON) READ(A)) RECKEY CFTV2 ADD( load UID(UID for GRPAPRM) READ(A)) SET RESOURCE(PGM) RECKEY SGINSTALL ADD( - UID(UID for GRPCFT) SERVICE(READ) ALLOW) RECKEY SGINSTALL ADD( - UID(UID for ADMCFT) SERVICE(READ) ALLOW) RECKEY SGINSTALL ADD( - UID(UID for GRPMON) SERVICE(READ) ALLOW) RECKEY SGINSTALL ADD( - UID(UID for USERMON) SERVICE(READ) ALLOW) RECKEY SGINSTALL ADD( - UID(UID for GRPAPRM) SERVICE(READ) ALLOW) SET RESOURCE(PGM) RECKEY CFT***** ADD( - UID(UID for GRPCFT) SERVICE(READ) ALLOW) RECKEY CFT***** ADD( - UID(UID for ADMCFT) SERVICE(READ) ALLOW) RECKEY CFT***** ADD( - UID(UID for GRPMON) SERVICE(READ) ALLOW) RECKEY CFT***** ADD( - UID(UID for USERMON) SERVICE(READ) ALLOW) RECKEY CFT***** ADD( - UID(UID for GRPAPRM) SERVICE(READ) ALLOW) RECKEY VFM***** ADD( - UID(UID for GRPCFT) SERVICE(READ) ALLOW) RECKEY VFM***** ADD( - UID(UID for ADMCFT) SERVICE(READ) ALLOW) RECKEY VFM***** ADD( - UID(UID for GRPMON) SERVICE(READ) ALLOW) RECKEY VFM***** ADD( - UID(UID for USERMON) SERVICE(READ) ALLOW) RECKEY VFM***** ADD( - UID(UID for GRPAPRM) SERVICE(READ) ALLOW) F ACF2,REBUILD(PGM) SET RULE RECKEY CFTV2 ADD( loadmain UID(UID for GRPCFT) ALLOCATE(A)) RECKEY CFTV2 ADD( loadmain UID(UID for ADMCFT) ALLOCATE(A)) RECKEY CFTV2 ADD( loadmain UID(UID for GRPMON) READ(A)) RECKEY CFTV2 ADD( loadmain UID(UID for USERMON) READ(A)) RECKEY CFTV2 ADD( parm UID(UID for GRPCFT) ALLOCATE(A)) RECKEY CFTV2 ADD( parm UID(UID for ADMCFT) ALLOCATE(A)) RECKEY CFTV2 ADD( parm UID(UID for GRPAPRM) WRITE(A)) RECKEY CFTV2 ADD( parm UID(UID for GRPMON) READ(A)) RECKEY CFTV2 ADD( parm UID(UID for USERMON) READ(A)) RECKEY CFTV2 ADD( parm UID(UID for GRPDESK) READ(A)) RECKEY CFTV2 ADD( parm UID(UID for GRPFPRM) WRITE(A) PROGRAM(CFTUTIL)) RECKEY CFTV2 ADD( parm UID(UID for GRPFPRM) WRITE(A) PROGRAM(CFTINTV)) RECKEY CFTV2 ADD( parm UID(UID for GRPFPRM) WRITE(A) PROGRAM(CFTIUI)) RECKEY CFTV2 ADD( parm UID(UID for GRPFPRM) WRITE(A) PROGRAM(CFTAPI)) RECKEY CFTV2 ADD( part UID(UID for GRPCFT) ALLOCATE(A)) RECKEY CFTV2 ADD( part UID(UID for ADMCFT) ALLOCATE(A)) RECKEY CFTV2 ADD( part UID(UID for GRPAPRM) WRITE(A)) RECKEY CFTV2 ADD( part UID(UID for GRPMON) READ(A)) RECKEY CFTV2 ADD( part UID(UID for USERMON) READ(A)) RECKEY CFTV2 ADD( part UID(UID for GRPFPRM) WRITE(A) PROGRAM(CFTUTIL)) RECKEY CFTV2 ADD( part UID(UID for GRPDESK) WRITE(A) PROGRAM(CFTUTIL)) RECKEY CFTV2 ADD( part UID(UID for GRPFPRM) WRITE(A) PROGRAM(CFTINTV)) RECKEY CFTV2 ADD( part UID(UID for GRPDESK) WRITE(A) PROGRAM(CFTINTV)) RECKEY CFTV2 ADD( part UID(UID for GRPFPRM) WRITE(A) PROGRAM(CFTIUI)) RECKEY CFTV2 ADD( part UID(UID for GRPDESK) WRITE(A) PROGRAM(CFTIUI)) RECKEY CFTV2 ADD( part UID(UID for GRPFPRM) WRITE(A) PROGRAM(CFTAPI)) RECKEY CFTV2 ADD( part UID(UID for GRPDESK) WRITE(A) PROGRAM(CFTAPI)) RECKEY CFTV2 ADD( com UID(UID for GRPCFT) ALLOCATE(A)) RECKEY CFTV2 ADD( com UID(UID for ADMCFT) ALLOCATE(A)) RECKEY CFTV2 ADD( com UID(UID for GRPMON) WRITE(A)) RECKEY CFTV2 ADD( com UID(UID for USERMON) WRITE(A)) RECKEY CFTV2 ADD( com UID(UID for GRPFPRM) WRITE(A) PROGRAM(CFTUTIL)) RECKEY CFTV2 ADD( com UID(UID for GRPDESK) WRITE(A) PROGRAM(CFTUTIL)) RECKEY CFTV2 ADD( com UID(UID for GRPTRF) WRITE(A) PROGRAM(CFTUTIL)) RECKEY CFTV2 ADD( com UID(UID for USERDEF) WRITE(A) PROGRAM(CFTUTIL)) RECKEY CFTV2 ADD( com UID(UID for GRPFPRM) WRITE(A) PROGRAM(CFTINTV)) RECKEY CFTV2 ADD( com UID(UID for GRPDESK) WRITE(A) PROGRAM(CFTINTV)) RECKEY CFTV2 ADD( com UID(UID for GRPTRF) WRITE(A) PROGRAM(CFTINTV)) RECKEY CFTV2 ADD( com UID(UID for USERDEF) WRITE(A) PROGRAM(CFTINTV)) RECKEY CFTV2 ADD( com UID(UID for GRPFPRM) WRITE(A) PROGRAM(CFTIUI)) RECKEY CFTV2 ADD( com UID(UID for GRPDESK) WRITE(A) PROGRAM(CFTIUI)) RECKEY CFTV2 ADD( com UID(UID for GRPTRF) WRITE(A) PROGRAM(CFTIUI)) RECKEY CFTV2 ADD( com UID(UID for USERDEF) WRITE(A) PROGRAM(CFTIUI)) RECKEY CFTV2 ADD( com UID(UID for GRPFPRM) WRITE(A) PROGRAM(CFTAPI)) RECKEY CFTV2 ADD( com UID(UID for GRPDESK) WRITE(A) PROGRAM(CFTAPI)) RECKEY CFTV2 ADD( com UID(UID for GRPTRF) WRITE(A) PROGRAM(CFTAPI)) RECKEY CFTV2 ADD( com UID(UID for USERDEF) WRITE(A) PROGRAM(CFTAPI)) RECKEY CFTV2 ADD( catalog UID(UID for GRPCFT) ALLOCATE(A)) RECKEY CFTV2 ADD( catalog UID(UID for ADMCFT) ALLOCATE(A)) RECKEY CFTV2 ADD( catalog UID(UID for GRPMON) WRITE(A)) RECKEY CFTV2 ADD( catalog UID(UID for USERMON) WRITE(A)) RECKEY CFTV2 ADD( catalog UID(UID for GRPFPRM) READ(A)) RECKEY CFTV2 ADD( secini UID(UID for GRPCFT) ALLOCATE(A)) RECKEY CFTV2 ADD( secini UID(UID for ADMCFT) ALLOCATE(A)) RECKEY CFTV2 ADD( secini UID(UID for GRPMON) READ(A)) RECKEY CFTV2 ADD( secini UID(UID for USERMON) READ(A)) RECKEY CFTV2 ADD( secini UID(UID for GRPAPRM) READ(A)) RECKEY CFTV2 ADD( secini UID(UID for GRPFPRM) READ(A)) RECKEY CFTV2 ADD( secini UID(UID for GRPDESK) READ(A)) RECKEY CFTV2 ADD( secini UID(UID for GRPTRF) READ(A)) RECKEY CFTV2 ADD( secini UID(UID for USERDEF) READ(A)) RECKEY CFTV2 ADD( secact UID(UID for GRPCFT) ALLOCATE(A)) RECKEY CFTV2 ADD( secact UID(UID for ADMCFT) ALLOCATE(A)) RECKEY CFTV2 ADD( secact UID(UID for GRPMON) READ(A)) RECKEY CFTV2 ADD( secact UID(UID for USERMON) READ(A)) RECKEY CFTV2 ADD( secact UID(UID for GRPAPRM) READ(A)) RECKEY CFTV2 ADD( secact UID(UID for GRPFPRM) READ(A)) RECKEY CFTV2 ADD( secact UID(UID for GRPDESK) READ(A)) RECKEY CFTV2 ADD( secact UID(UID for GRPTRF) READ(A)) RECKEY CFTV2 ADD( secact UID(UID for USERDEF) READ(A)) RECKEY CFTV2 ADD( secobj UID(UID for GRPCFT) ALLOCATE(A)) RECKEY CFTV2 ADD( secobj UID(UID for ADMCFT) ALLOCATE(A)) RECKEY CFTV2 ADD( secobj UID(UID for GRPMON) READ(A)) RECKEY CFTV2 ADD( secobj UID(UID for USERMON) READ(A)) RECKEY CFTV2 ADD( secobj UID(UID for GRPAPRM) READ(A)) RECKEY CFTV2 ADD( secobj UID(UID for GRPFPRM) READ(A)) RECKEY CFTV2 ADD( secobj UID(UID for GRPDESK) READ(A)) RECKEY CFTV2 ADD( secobj UID(UID for GRPTRF) READ(A)) RECKEY CFTV2 ADD( secobj UID(UID for USERDEF) READ(A)) RECKEY CFTV2 ADD( log1 UID(UID for GRPCFT) ALLOCATE(A)) RECKEY CFTV2 ADD( log1 UID(UID for ADMCFT) ALLOCATE(A)) RECKEY CFTV2 ADD( log1 UID(UID for GRPMON) WRITE(A)) RECKEY CFTV2 ADD( log1 UID(UID for USERMON) WRITE(A)) RECKEY CFTV2 ADD( log1 UID(UID for GRPAPRM) READ(A)) RECKEY CFTV2 ADD( log1 UID(UID for GRPFPRM) READ(A)) RECKEY CFTV2 ADD( log1 UID(UID for GRPDESK) READ(A)) RECKEY CFTV2 ADD( log1 UID(UID for GRPTRF) READ(A)) RECKEY CFTV2 ADD( log1 UID(UID for USERDEF) READ(A)) RECKEY CFTV2 ADD( log2 UID(UID for GRPCFT) ALLOCATE(A)) RECKEY CFTV2 ADD( log2 UID(UID for ADMCFT) ALLOCATE(A)) RECKEY CFTV2 ADD( log2 UID(UID for GRPMON) WRITE(A)) RECKEY CFTV2 ADD( log2 UID(UID for USERMON) WRITE(A)) RECKEY CFTV2 ADD( log2 UID(UID for GRPAPRM) READ(A)) RECKEY CFTV2 ADD( log2 UID(UID for GRPFPRM) READ(A)) RECKEY CFTV2 ADD( log2 UID(UID for GRPDESK) READ(A)) RECKEY CFTV2 ADD( log2 UID(UID for GRPTRF) READ(A)) RECKEY CFTV2 ADD( log2 UID(UID for USERDEF) READ(A)) RECKEY CFTV2 ADD( ACCNT1 UID(UID for GRPCFT) ALLOCATE(A)) RECKEY CFTV2 ADD( ACCNT1 UID(UID for ADMCFT) ALLOCATE(A)) RECKEY CFTV2 ADD( ACCNT1 UID(UID for GRPMON) WRITE(A)) RECKEY CFTV2 ADD( ACCNT1 UID(UID for USERMON) WRITE(A)) RECKEY CFTV2 ADD( ACCNT1 UID(UID for GRPAPRM) READ(A)) RECKEY CFTV2 ADD( ACCNT1 UID(UID for GRPFPRM) READ(A)) RECKEY CFTV2 ADD( ACCNT1 UID(UID for GRPDESK) READ(A)) RECKEY CFTV2 ADD( ACCNT1 UID(UID for GRPTRF) READ(A)) RECKEY CFTV2 ADD( ACCNT1 UID(UID for USERDEF) READ(A)) RECKEY CFTV2 ADD( ACCNT2 UID(UID for GRPCFT) ALLOCATE(A)) RECKEY CFTV2 ADD( ACCNT2 UID(UID for ADMCFT) ALLOCATE(A)) RECKEY CFTV2 ADD( ACCNT2 UID(UID for GRPMON) WRITE(A)) RECKEY CFTV2 ADD( ACCNT2 UID(UID for USERMON) WRITE(A)) RECKEY CFTV2 ADD( ACCNT2 UID(UID for GRPAPRM) READ(A)) RECKEY CFTV2 ADD( ACCNT2 UID(UID for GRPFPRM) READ(A)) RECKEY CFTV2 ADD( ACCNT2 UID(UID for GRPDESK) READ(A)) RECKEY CFTV2 ADD( ACCNT2 UID(UID for GRPTRF) READ(A)) RECKEY CFTV2 ADD( ACCNT2 UID(UID for USERDEF) READ(A)) RECKEY CFTV2 ADD( VFM-.- UID(UID for GRPCFT) ALLOCATE(A)) RECKEY CFTV2 ADD( VFM-.- UID(UID for ADMCFT) ALLOCATE(A)) RECKEY CFTV2 ADD( VFM-.- UID(UID for GRPMON) WRITE(A)) RECKEY CFTV2 ADD( VFM-.- UID(UID for USERMON) WRITE(A)) //* //*============================================================= //* Step 5 H89SAFAU : Protecting CFT objects Page E-9 //*============================================================= //* //H89SAFAU EXEC PGM=IKJEFT01,REGION=0K //SYSPRINT DD SYSOUT=* //SYSTSPRT DD SYSOUT=* //SYSUDUMP DD SYSOUT=* //SYSTSIN DD * ACF * To authorize "usera" to create CFTRECV command for ID=DEFAULT SET RESOURCE(CFT) RECKEY CFTRECV ADD( DEFAULT UID(UID for GRPCFT) SERVICE(DELETE) ALLOW) RECKEY CFTRECV ADD( DEFAULT UID(UID for ADMCFT) SERVICE(DELETE) ALLOW) RECKEY CFTRECV ADD( DEFAULT UID(UID for GRPAPRM) SERVICE(DELETE) ALLOW) RECKEY CFTRECV ADD( DEFAULT UID(UID for usera) SERVICE(DELETE) ALLOW) * To authorize "userb" to create CFTSEND command for ID=DEFAULT RECKEY CFTSEND ADD( DEFAULT UID(UID for GRPCFT) SERVICE(DELETE) ALLOW) RECKEY CFTSEND ADD( DEFAULT UID(UID for ADMCFT) SERVICE(DELETE) ALLOW) RECKEY CFTSEND ADD( DEFAULT UID(UID for GRPAPRM) SERVICE(DELETE) ALLOW) RECKEY CFTSEND ADD( DEFAULT UID(UID for userb) SERVICE(DELETE) ALLOW) * To authorize "usera,userb" to create CFTAPPL command for ID=DEFAULT RECKEY CFTAPPL ADD( DEFAULT UID(UID for GRPCFT) SERVICE(DELETE) ALLOW) RECKEY CFTAPPL ADD( DEFAULT UID(UID for ADMCFT) SERVICE(DELETE) ALLOW) RECKEY CFTAPPL ADD( DEFAULT UID(UID for GRPAPRM) SERVICE(DELETE) ALLOW) RECKEY CFTAPPL ADD( DEFAULT UID(UID for usera) SERVICE(DELETE) ALLOW) RECKEY CFTAPPL ADD( DEFAULT UID(UID for userb) SERVICE(DELETE) ALLOW) * To authorize "userf" to issue SEND/RECV command for IDF=DEFAULT RECKEY APPL ADD( DEFAULT UID(UID for GRPCFT) SERVICE(DELETE) ALLOW) RECKEY APPL ADD( DEFAULT UID(UID for ADMCFT) SERVICE(DELETE) ALLOW) RECKEY APPL ADD( DEFAULT UID(UID for userf) SERVICE(DELETE) ALLOW) * To authorize "userg" to send the file MY_DSN.xxx RECKEY TRANSFER ADD( S.DEFAULT.PART.my_dsn.- UID(UID for GRPCFT) - SERVICE(DELETE) ALLOW) RECKEY TRANSFER ADD( S.DEFAULT.PART.my_dsn.- UID(UID for ADMCFT) - SERVICE(DELETE) ALLOW) RECKEY TRANSFER ADD( S.DEFAULT.PART.my_dsn.- UID(UID for userg) - SERVICE(DELETE) ALLOW) * To authorize "USERDEF" to receive any file RECKEY TRANSFER ADD( R.DEFAULT.- UID(UID for GRPCFT) - SERVICE(DELETE) ALLOW) RECKEY TRANSFER ADD( R.DEFAULT.- UID(UID for ADMCFT) - SERVICE(DELETE) ALLOW) RECKEY TRANSFER ADD( R.DEFAULT.- UID(UID for USERDEF) - SERVICE(DELETE) ALLOW) F ACF2,REBUILD(CFT) //*
Feedback
Yes
No
Powered by
