ROSCOE is a very powerful program and it is essential, therefore, that security be properly implemented so that the users of the product not present data integrity exposures.
Properly securing the use of various commands and features is crucial.
Release:
Component: ROSCOE
ACF2, RACF, Top Secret
CA-Roscoe 6.0 supports external security by making SAF compliant RACROUTE calls. The resource used for ROSCOE as noted in the ROSCOE Security Administrators Guide is ROSRES (TSS), RO@RES (IBM RACF), ROSRES or ROS (ACF2).
The key to external security, is the ACFEXT= parameter. If specified as "YES", external security checking will be initiated at user signon. It must be specified as "YES" for any other external security parameters to be valid. The first time it is used, all passwords in the CA-Roscoe profile key (UPS) will be set to "EXTERNAL", they can only be reset manually. CA Roscoe uses the EXTSEC= SYSIN parameter to determine the type of external security.
Instructions:
If CLLEXT=YES
The resource class and name is:
ROSRES
[rosid.]ROSCMD.ETSO.program ACCESS(READ)
example
TSS PERMIT(userid) ROSRES(rosid.ROSCMD.ETSO.program) ACCESS(READ)
If JOBEXT=YES
The resource class and name when attaching a job:
JESSPOOL
localnodeid.userid.jobname.jobid.dsnumber.name ACCESS(UPDATE)
If LIBEXT=YES
The resource class and name is:
ROSRES
[rosid.]ROSCMD.PRIV.ROSLIB ACCESS(UPDATE)
If PRVEXT=YES
The resource class and name is:
ROSRES
[rosid.]ROSCMD.PRIV.OPER.cmd.cmd2 ACCESS(CONTROL)
If MONEXT=YES
The resource class and name is:
ROSRES
[rosid.]ROSCMD.MONITOR.mon ACCESS(READ)
If RPFEXT=YES
The resource class and name is:
ROSRES
[rosid.]ROSCMD.RPF.pfx.rpf ACCESS(READ)
If UPSEXT=YES
The resource class and name is:
ROSRES
[rosid.]ROSCMD.PRIV.ROSUPS ACCESS(UPDATE)
CLASS=DATASET
ENTITY=data set name
ATTR=READ/UPDATE