IBM supplies his customer with a documentation to implement HyperSwap with RACF.
This document shows how to implement it with CA Top Secret.
1.Create user BHIHSRV :
ADDUSER BHIHSRV OMVS(UID(user_identifier) SHARED HOME('/')) NOPASSWORD
1.1 TSS CREATE(BHIHSRV) NAME(' BHIHSRV Hyperswap) PASSWORD(NOPW,0) -
TYPE(USER) DEPT(Votre département STC) FACILITY(STC)
1.2.TSS ADD(BHIHSRV) UID(un numéro de UID) GROUP(un groupe OMVS) -
DFLTGRP(un groupe OMVS) HOME(/) -
OMVSPGM(/bin/sh)
1.3. TSS ADD(Votre département STC) ACID(BHIHSRV) PROC(BHIHSRV)
1.4 TSS MODIFY(OMVSTABS) , It is no longer needed with CA Top Secret r15.0 and above.
2. Define the resource ANT.REPLICATIONMANAGER :
RDEFINE FACILITY ANT.REPLICATIONMANAGER UACC(NONE)
2.1. Check whether the resource already exist:
TSS WHOHAS IBMFAC(ANT.)
2.2. Define the resource to CA Top Secret, if needed:
TSS ADD(un departement) IBMFAC(ANT.)
3. Permit the resource ANT.REPLICATIONMANAGER to BHIHSRV :
PERMIT ANT.REPLICATIONMANAGER CLASS(FACILITY) ID(BHIHSRV) ACCESS(CONTROL)
3.1. TSS PERMIT(BHIHSRV) IBMFAC(ANT.REPLICATIONMANAGER) ACCESS(ALL)
4. Permit the resource ANT.REPLICATIONMANAGER to the user using the connection CSM/z/OS:
PERMIT ANT.REPLICATIONMANAGER CLASS(FACILITY) ID(userid) ACCESS(CONTROL)
4.1. TSS PERMIT(user csm) IBMFAC(ANT.REPLICATIONMANAGER) ACCESS(ALL)
5. In case of unexpected violation, run:
a TSSTRACK EVENT(VIOL) DATE(TODAY) or a TSSUTIL EVENT(VIOL) DATE(TODAY)
With RACF resource class FACILITY is used, the equivalent one with CA Top Secret is IBMFAC.
With this resource class, the ownership cannot be made with more than eight characters.