How To Implement IBM HyperSwap with CA Top Secret?
search cancel

How To Implement IBM HyperSwap with CA Top Secret?

book

Article ID: 9582

calendar_today

Updated On:

Products

Top Secret Top Secret - LDAP

Issue/Introduction

IBM supplies his customer with a documentation to implement HyperSwap with RACF.

 

This document shows how to implement it with CA Top Secret. 



Environment

This is valid for both CA Top Secret r15.0 and r16.0 on any z/OS release supporting HyperSwap.

Resolution

1.Create user BHIHSRV :

 

ADDUSER BHIHSRV OMVS(UID(user_identifier) SHARED HOME('/')) NOPASSWORD

 

1.1 TSS CREATE(BHIHSRV) NAME(' BHIHSRV  Hyperswap) PASSWORD(NOPW,0) -

TYPE(USER) DEPT(Votre département STC) FACILITY(STC)

         

1.2.TSS ADD(BHIHSRV) UID(un numéro de UID) GROUP(un groupe OMVS) -              

DFLTGRP(un groupe OMVS) HOME(/) -                         

OMVSPGM(/bin/sh)  

                                

1.3. TSS ADD(Votre département STC) ACID(BHIHSRV) PROC(BHIHSRV)       

 

1.4 TSS MODIFY(OMVSTABS)  , It is no longer needed with CA Top Secret r15.0 and above.     

 

 2. Define the resource ANT.REPLICATIONMANAGER :

 

RDEFINE FACILITY ANT.REPLICATIONMANAGER UACC(NONE)

 

2.1. Check whether the resource already exist:

 

TSS WHOHAS IBMFAC(ANT.)

 

2.2. Define the resource to CA Top Secret, if needed:

 

TSS ADD(un departement) IBMFAC(ANT.)                

 

 3. Permit the resource ANT.REPLICATIONMANAGER to BHIHSRV :

 

PERMIT ANT.REPLICATIONMANAGER CLASS(FACILITY) ID(BHIHSRV) ACCESS(CONTROL)

 

3.1. TSS PERMIT(BHIHSRV) IBMFAC(ANT.REPLICATIONMANAGER) ACCESS(ALL) 

 

4. Permit the resource ANT.REPLICATIONMANAGER to the user using the connection CSM/z/OS:

 

PERMIT ANT.REPLICATIONMANAGER CLASS(FACILITY) ID(userid) ACCESS(CONTROL)

 

4.1. TSS PERMIT(user csm) IBMFAC(ANT.REPLICATIONMANAGER) ACCESS(ALL) 

  

5. In case of unexpected violation, run:

 

 

a TSSTRACK EVENT(VIOL) DATE(TODAY) or a TSSUTIL EVENT(VIOL) DATE(TODAY)  

Additional Information

With RACF resource class FACILITY is used, the equivalent one with CA Top Secret is IBMFAC.

 

With this resource class, the ownership cannot be made with more than eight characters.