Convert z/OS 2.3 IZUCASEC from RACF to TSS commands
search cancel

Convert z/OS 2.3 IZUCASEC from RACF to TSS commands

book

Article ID: 95768

calendar_today

Updated On:

Products

Top Secret Top Secret - LDAP

Issue/Introduction

Convert z/OS 2.3 IZUCASEC from RACF to TSS commands

Convert z/OS 2.3 IZUCASEC from RACF to TSS commands

Environment

Release:
Component: TSSMVS

Resolution

//IZUCASEC JOB MSGCLASS=C,MSGLEVEL=(1,1),USER=XXXXXXX,NOTIFY=XXXXXXX
//STEP1  EXEC PGM=IKJEFT01,DYNAMNBR=99
//SYSPRINT DD SYSOUT=*
//SYSTSPRT DD SYSOUT=*
//SYSTSIN  DD *

 /*                                                                */
 /*  Begin "Configuration Assistant" Setup                         */
 /*                                                                */

 /*   Profile Definitions for "Configuration Assistant"            */
 RDEFINE ZMFAPLA IZUDFLT.ZOSMF.CONFIGURATION_ASSISTANT.** UACC(NONE)

 /*                                                                */
 /*   Begin zOSMF User Role Setup                                  */
 /*                                                                */
 /*   Permit definitions for Configuration Assistant               */
 PERMIT IZUDFLT.ZOSMF.CONFIGURATION_ASSISTANT.** CLASS(ZMFAPLA) +
   ID(IZUUSER) ACCESS(READ)

 /*                                                                */
 /*  End zOSMF User Role Setup                                     */
 /*                                                                */

 /*                                                                */
 /*   Begin zOSMF Administrator Role Setup                         */
 /*                                                                */
 /*   Permit definitions for Configuration Assistant               */
 PERMIT IZUDFLT.ZOSMF.CONFIGURATION_ASSISTANT.** CLASS(ZMFAPLA) +
   ID(IZUADMIN) ACCESS(READ)

 /*                                                                */
 /*  End zOSMF Administrator Role Setup                            */
 /*                                                                */

 /* Need to REFRESH these classes for Roles                        */
 SETROPTS RACLIST(ZMFAPLA) REFRESH
No equivalent and not needed in TSS.                               */

 /*                                                                */
 /*  Begin "IBM Cloud Provisioning and Management for z/OS" Setup  */
 /*                                                                */

 /* RDEFINE OPERCMDS MVS.MCSOPER.* UACC(NONE)                      */
 /* TSS ADD(owningacid) OPERCMDS(MVS.)                             */

 /* PERMIT MVS.MCSOPER.* CLASS(OPERCMDS) ID(IZUSVR) ACCESS(READ)   */
 /* TSS PER(IZUSVR) OPERCMDS(MVS.MCSOPER) ACC(READ)                */


 /* RDEFINE OPERCMDS (MVS.VARY.TCPIP.OBEYFILE) UACC(NONE)          */
 /* Not needed done in a previous step above.                      */

 /* PERMIT MVS.VARY.TCPIP.OBEYFILE CLASS(OPERCMDS) ID(IZUSVR) +    */
 /*   ACCESS(CONTROL)                                              */

 /* RDEFINE OPERCMDS (MVS.DISPLAY.*) UACC(NONE)                    */
 /* Not needed done in a previous step above.                      */

 /* PERMIT MVS.DISPLAY.* CLASS(OPERCMDS) ID(IZUSVR) ACCESS(READ)   */
 /* TSS PER(IZUSVR) OPERCMDS(MVS.DISPLAY) ACC(READ)                */

 /* RDEFINE SERVAUTH +                                             */
 /*   EZB.NETSTAT.<mvsname>.<tcpprocname>.VIPADCFG +               */
 /*   UACC(NONE)                                                   */ 
 /* TSS ADD(owningacid) SERVAUTH(EZB.NETSTAT)                      */

 /* PERMIT EZB.NETSTAT.<mvsname>.<tcpprocname>.VIPADCFG +          */
 /*   CLASS(SERVAUTH) ID(IZUSVR) ACCESS(READ)                      */
 /* TSS PER(IZUSVR) SERVAUTH(EZB.NETSTAT) ACC(READ)                */

 /* RDEFINE SERVAUTH EZB.NETWORKUTILS.CLOUD.<mvsname> UACC(NONE)   */
 /* TSS ADD(owningacid) SERVAUTH(EZB.NETWORKUTILS.CLOUD)           */

 /* PERMIT EZB.NETWORKUTILS.CLOUD.<mvsname> CLASS(SERVAUTH) +      */
 /*   ID(IZUSVR) ACCESS(READ) 
 /* TSS PER(IZUSVR) SERVAUTH(EZB.NETWORKUTILS.CLOUD.<mvsname> ) -  */
 /*                 ACC(READ)                                      */

 /* Grant ALTER access to IZUSVR for the stack include and stack   */
 /* dynamic update datasets if your system protects data sets with */
 /* SAF profiles.  These are data sets you will create manually and*/
 /* then reference in Configuration Assistant when you configure a */
 /* TCP/IP stack from the Systems tab in the Cloud perspective.    */

 /* If the z/OS ROUTE command is protected by SAF, IZUSVR must have*/
 /* READ access to the MVS.ROUTE.CMD.<system> SAF profile in the   */
 /* OPERCMDS class.                                                */
 /* **NOTE: <system> is the target MVS system name where           */
 /* IBM Cloud Provisioning and Management for z/OS will provision  */
 /* resources. e.g.                                                */

 /* PERMIT MVS.ROUTE.CMD.<system> CLASS(OPERCMDS) +                */
 /*   ID(IZUSVR) ACCESS(READ)                                      */
 /* TSS PER(IZUSVR) OPERCMDS(MVS.ROUTE.CMD.<system>)               */

 /* SETROPTS RACLIST(OPERCMDS,SERVAUTH) REFRESH                    */
 /* No equivalent and not needed in TSS.                           */

 /*                                                                */
 /*  End "IBM Cloud Provisioning and Management for z/OS" Setup    */
 /*                                                                */

 /*                                                                */
 /*  End "Configuration Assistant" Setup                           */
 /*                                                                */

/*

Attachments

1558536409064zOS23IZUCASEC.txt get_app