RACF to Top Secret for TADz
Article ID: 72939
Updated On:
Products
Top Secret
Top Secret - LDAP
Issue/Introduction
We need to install TADz and need to define 3 STC's:
-Usage Monitor
-Analizer
-Automation Server
Environment
Release:
Component: TSSMVS
Component: TSSMVS
Resolution
1) Create the acids to be used for the started tasks:
TSS CRE(monitor) NAME(monitor) TYPE(USER) DEPT(dept) FAC(STC) PASS(NOPW,0)
TSS ADD(STC) PROCNAME(monitor) ACID(monitor)
TSS CRE(analyzer) NAME(analyzer) TYPE(USER) DEPT(dept) FAC(STC) PASS(NOPW,0)
TSS ADD(STC) PROCNAME(analyzer) ACID(analyzer)
TSS CRE(autoserv) NAME(autoserv) TYPE(USER) DEPT(dept) FAC(STC) PASS(NOPW,0)
TSS ADD(STC) PROCNAME(autoserv) ACID(autoserv)
2) Choose a facility to be used for these regions and add it as a MASTFAC to the region acids:
TSS ADD(monitor) MASTFAC(fac)
TSS ADD(analyzer) MASTFAC(fac)
TSS ADD(autoserv) MASTFAC(fac)
3) Add the facility to the acids that need it:
TSS ADD(acid) FAC(fac)
where 'acid' is the user's acid, an attached profile, or the ALL record if all users should have access.
Here are the commands using the acid names I used for the create commands (you can change the acid names if you like):
Establish ownership if the high level qualifiers for each:
TSS ADD(dept) DSN(SHSI)
TSS ADD(dept) DSN(ACDS)
TSS ADD(dept) DSN(SDSN)
TSS ADD(dept) DSN(HLQIDS)
TSS ADD(dept) DSN(your monitor data sets hlq)
Permit each acid the necessary authority:
TSS PERMIT(monitor) DSN(SHIMOD1) ACCESS(READ)
TSS PERMIT(monitor) DSN(SYS1.PARMLIB) ACCESS(READ)
TSS PERMIT(monitor) DSN(HLQIDS) ACCESS(READ)
TSS PERMIT(monitor) DSN(monitor output data sets) ACCESS(ALL)
TSS PERMIT(analyzer) DSN(SHSIMOD1) ACCESS(READ)
TSS PERMIT(analyzer) DSN(SYS1.PARMLIB) ACCESS(READ)
TSS PERMIT(analyzer) DSN(SHSIANL1) ACCESS(READ)
TSS PERMIT(analyzer) DSN(SHSIANL2) ACCESS(READ)
TSS PERMIT(analyzer) DSN(SDSNLOAD) ACCESS(READ)
TSS PERMIT(analyzer) DSN(SDSNEXIT) ACCESS(READ)
TSS PERMIT(autoserv) DSN(SHSIMOD1) ACCESS(READ)
TSS PERMIT(autoserv) DSN(SYS1.PARMLIB) ACCESS(READ)
TSS PERMIT(autoserv) DSN(ACDS) ACCESS(CONTROL)
TSS CRE(monitor) NAME(monitor) TYPE(USER) DEPT(dept) FAC(STC) PASS(NOPW,0)
TSS ADD(STC) PROCNAME(monitor) ACID(monitor)
TSS CRE(analyzer) NAME(analyzer) TYPE(USER) DEPT(dept) FAC(STC) PASS(NOPW,0)
TSS ADD(STC) PROCNAME(analyzer) ACID(analyzer)
TSS CRE(autoserv) NAME(autoserv) TYPE(USER) DEPT(dept) FAC(STC) PASS(NOPW,0)
TSS ADD(STC) PROCNAME(autoserv) ACID(autoserv)
2) Choose a facility to be used for these regions and add it as a MASTFAC to the region acids:
TSS ADD(monitor) MASTFAC(fac)
TSS ADD(analyzer) MASTFAC(fac)
TSS ADD(autoserv) MASTFAC(fac)
3) Add the facility to the acids that need it:
TSS ADD(acid) FAC(fac)
where 'acid' is the user's acid, an attached profile, or the ALL record if all users should have access.
Here are the commands using the acid names I used for the create commands (you can change the acid names if you like):
Establish ownership if the high level qualifiers for each:
TSS ADD(dept) DSN(SHSI)
TSS ADD(dept) DSN(ACDS)
TSS ADD(dept) DSN(SDSN)
TSS ADD(dept) DSN(HLQIDS)
TSS ADD(dept) DSN(your monitor data sets hlq)
Permit each acid the necessary authority:
TSS PERMIT(monitor) DSN(SHIMOD1) ACCESS(READ)
TSS PERMIT(monitor) DSN(SYS1.PARMLIB) ACCESS(READ)
TSS PERMIT(monitor) DSN(HLQIDS) ACCESS(READ)
TSS PERMIT(monitor) DSN(monitor output data sets) ACCESS(ALL)
TSS PERMIT(analyzer) DSN(SHSIMOD1) ACCESS(READ)
TSS PERMIT(analyzer) DSN(SYS1.PARMLIB) ACCESS(READ)
TSS PERMIT(analyzer) DSN(SHSIANL1) ACCESS(READ)
TSS PERMIT(analyzer) DSN(SHSIANL2) ACCESS(READ)
TSS PERMIT(analyzer) DSN(SDSNLOAD) ACCESS(READ)
TSS PERMIT(analyzer) DSN(SDSNEXIT) ACCESS(READ)
TSS PERMIT(autoserv) DSN(SHSIMOD1) ACCESS(READ)
TSS PERMIT(autoserv) DSN(SYS1.PARMLIB) ACCESS(READ)
TSS PERMIT(autoserv) DSN(ACDS) ACCESS(CONTROL)
Feedback
Yes
No
Powered by
