Convert RACF Commands ADDGROUP and CONNECT to TSS command.
Article ID: 94810
Updated On:
Products
Top Secret
Top Secret - LDAP
Issue/Introduction
Convert RACF Commands ADDGROUP and CONNECT to TSS command.
We are enabling TLS on our zVM 6.4 system running Top Secret.
hat would be the equivalent of the following RACF commands in Top Secret:
Define the RACF user group:
RAC ADDGROUP SECURITY
RAC ALTGROUP SECURITY OVM(GID(7))
Then, for each pool server, issue the commands that follow (here, the default pool user ID prefix of SSL is assumed):
RAC CONNECT SSLnnnnn GROUP(SECURITY)
RAC ALTUSER SSLnnnnn OVM(UID(7))
For example:
RAC CONNECT SSL00001 GROUP(SECURITY) RAC ALTUSER SSL00001 OVM(UID(7))
We are enabling TLS on our zVM 6.4 system running Top Secret.
hat would be the equivalent of the following RACF commands in Top Secret:
Define the RACF user group:
RAC ADDGROUP SECURITY
RAC ALTGROUP SECURITY OVM(GID(7))
Then, for each pool server, issue the commands that follow (here, the default pool user ID prefix of SSL is assumed):
RAC CONNECT SSLnnnnn GROUP(SECURITY)
RAC ALTUSER SSLnnnnn OVM(UID(7))
For example:
RAC CONNECT SSL00001 GROUP(SECURITY) RAC ALTUSER SSL00001 OVM(UID(7))
Environment
Release:
Component: TSSMVS
Component: TSSMVS
Resolution
1. Define the RACF user group: RAC ADDGROUP SECURITY
RAC ALTGROUP SECURITY OVM(GID(7))
TSS CRE(SECURITY) NAME('Security PROFILE') DEPT(dept) TYPE(PROFILE)
TSS CRE(SECURIGP) NAME('Security GROUP') DEPT(dept) TYPE(GROUP)
TSS ADD(SECURIGP) GID(7)
TSS ADD(acid) GROUP(SECURIGP)
You cant attach GIDs to PROFILEs in TSS. You add them to a GROUP acid, then attach the GROUP to an acid.
2. RAC CONNECT SSLnnnnn GROUP(SECURITY)
TSS ADD(SSLnnnnn) PROFILE(SECURITY)
In TSS a PROFILE is equivalent to a GROUP in RACF. A GROUP is TSS is something totally different in TSS. GROUPS are used to attach GIDs. Then you attach the GROUP acid to a user to associate the GID.
The RACF command above assumes that a PROFILE called SECURITY already exists.
3. RAC ALTUSER SSLnnnnn OVM(UID(7))
TSS ADD(SSLnnnnn) UID(7)
4. For example: RAC CONNECT SSL00001 GROUP(SECURITY)
RAC ALTUSER SSL00001 OVM(UID(7))
TSS ADD(SSL00001) UID(7)
RAC ALTGROUP SECURITY OVM(GID(7))
TSS CRE(SECURITY) NAME('Security PROFILE') DEPT(dept) TYPE(PROFILE)
TSS CRE(SECURIGP) NAME('Security GROUP') DEPT(dept) TYPE(GROUP)
TSS ADD(SECURIGP) GID(7)
TSS ADD(acid) GROUP(SECURIGP)
You cant attach GIDs to PROFILEs in TSS. You add them to a GROUP acid, then attach the GROUP to an acid.
2. RAC CONNECT SSLnnnnn GROUP(SECURITY)
TSS ADD(SSLnnnnn) PROFILE(SECURITY)
In TSS a PROFILE is equivalent to a GROUP in RACF. A GROUP is TSS is something totally different in TSS. GROUPS are used to attach GIDs. Then you attach the GROUP acid to a user to associate the GID.
The RACF command above assumes that a PROFILE called SECURITY already exists.
3. RAC ALTUSER SSLnnnnn OVM(UID(7))
TSS ADD(SSLnnnnn) UID(7)
4. For example: RAC CONNECT SSL00001 GROUP(SECURITY)
RAC ALTUSER SSL00001 OVM(UID(7))
TSS ADD(SSL00001) UID(7)
Feedback
Yes
No
Powered by
