CA OPS/MVS External Security question: Can RACF SMF records be produced and ICH408I messages for violations displayed in the SYSLOG?
search cancel

CA OPS/MVS External Security question: Can RACF SMF records be produced and ICH408I messages for violations displayed in the SYSLOG?

book

Article ID: 14632

calendar_today

Updated On:

Products

OPS/MVS Event Management & Automation

Issue/Introduction

We just turned on 'External Security' for OPS, so that our RACF person can test it. We set the following parm values:
Name               Value
EXTSECURITY   ON
EXTSECPREFIX 'OP$MVS'
EXTSECCLASS  '$CAOPS'

It seems to be working OK, but he had some additional questions.



  1. Can RACF SMF records be produced and ICH408I messages for violations displayed in the SYSLOG?
  2. What is the best way to trace the activity so I can see the resource names as we try out the different options? We have never setup external security for ops before and the "SAF Resource Names Table" in the manual does not correlate the profiles to the various options off the panels.

Environment

CA OPS/MVS? Event Management and Automation for JES2 - MVS Release:12.2IBM RACF

Resolution

Try these recommendations:

  • One method to determine the OPS/MVS functionality (mapped closely to the resource names) aligned to the OPSVIEW and automation activity is to turn on SEC events in the OPSLOG (parameter BROWSESEC). Then, perform or test a given functionality and observe the OPSLOG for the SEC events generated from performing the functionality.
  • You can also turn on the DEBUGEXTSEC parameter to help testing. OPS9999T messages will be logged with what is being evaluated.

Additional Information

Implementing External Security

Parameters for Resolving Problems

Powered by Wolken Software