How to Implement External Security for Datacom

Products

Datacom DATACOM - AD Ideal CIS COMMON SERVICES FOR Z/OS 90S SERVICES DATABASE MANAGEMENT SOLUTIONS FOR DB2 FOR Z/OS COMMON PRODUCT SERVICES COMPONENT Common Services CA ECOMETER SERVER COMPONENT FOC Easytrieve Report Generator for Common Services INFOCAI MAINTENANCE IPC UNICENTER JCLCHECK COMMON COMPONENT Mainframe VM Product Manager CHORUS SOFTWARE MANAGER CA ON DEMAND PORTAL CA Service Desk Manager - Unified Self Service PAM CLIENT FOR LINUX ON MAINFRAME MAINFRAME CONNECTOR FOR LINUX ON MAINFRAME GRAPHICAL MANAGEMENT INTERFACE WEB ADMINISTRATOR FOR TOP SECRET Xpertware

Issue/Introduction

Description:

This document is the first in a series of articles that summarize what is required to implement external security for Datacom using one of the three external security products, ACF2, TopSecret, or RACF. Full documentation on this functionality is published in the CA Datacom/DB Security Guide. This document describes the prerequisites and what they are used for.

Solution:

The following products or sub-components must be defined before you begin to implement external security for Datacom:

CAIRIM - A Component of CA-Common Services (for z/OS) or CA-CIS (for z/VSE).

This component should have been installed prior to installing CA Datacom/DB or CA Datacom/AD. CAIRIM is how you can define the SVC which defines the Multi-User being used.

CAISSF - Is a subservice of CAIRIM, and provides the link between the Advantage CA Datacom products and the external security product. For RACF define the CA Command CA@MD (by default).

CAIIPC - CA Inter-Product Components is required for Datadictionary (and Advantage CA-Ideal) online Signons.

You must use the SC00OPTS SECRTY=Y , if you want UserIDs and Passwords validated by the external security product. This parameter must be "Y" the default is "N". See Section 2.6 Enabling Online Signons in the CA Datacom Security Guide.

ACF2, TopSecret, or RACF - Installing one of the three external security products at current releases.

MUF authorized - The Multi-User Facility (MUF) must run authorized if using external security in a z/OS environments. Ensure that all libraries in the concatenation be in an authorized state. Note that starting with Release 12, Multi-User must run authorized regardless of whether external security is in place or not.

DBCVTPR - Modify DBCVTPR USERID= parameter. The DBCVTPR USERID parameter governs format of the UserID that is passed to Datacom with each online request.

USERID=NO When external security is used, that value forces Advantage CA-Datacom/DB to use the 3-byte operator ID (CICS OPERID) instead of the 8-byte UserID (CICS USERID). In a RACF environment, USERID=NO means that Advantage CA-Datacom/DB uses the 3-byte operator ID, not the group ID, to secure the database. In Advantage CA-Datacom CICS Services r2.5 and before, if USERID=NO and external security was in use, Advantage CA-Datacom/DB used an 8-byte UserID to secure the database.
USERID=YES forces Advantage CA-Datacom/DB to use the 8-byte CICS USERID.

For more details see the CA Datacom/CICS Services 11.0 System Guide.

Environment

Release:
Component: DB