Sample: Authorize a User with IBM RACF

Use this procedure to identify the users that can log in to CA Chorus. Additionally, you can authorize users to do the following tasks:

Note: The following commands are samples. For detailed information about using these commands, see the IBM RACF product documentation.

Follow these steps:

  1. Add each discipline resource to CAMFC:

    Note: This step is not required for feature-based resources (for example, auto-refresh). You need only perform this step one time. If you have defined the resource to CAMFC, go to step 2.

    RDEFINE CAMFC CHORUS.ROLE.discipline UACC(NONE)
    
    discipline

    One of the following values: DB2DBA, INFRASTRUCTURE, SECURITY, STORAGE

    Note: For a detailed explanation of each discipline resource, see step 2.

    The applicable discipline resource is assigned to CAMFC. You can now give users access to the discipline.

  2. Permit user access to specific resources by entering the following commands:
    PERMIT resource-name ID(uid-of-userid1) AC(READ) CLASS(CAMFC)
    PERMIT resource-name ID(uid-of-userid2) AC(READ) CLASS(CAMFC)
    ...
    PERMIT resource-name ID(uid-of-useridn) AC(READ) CLASS(CAMFC)
    
    resource-name

    Identifies the CA Chorus resource the user is permitted to access.

    CHORUS.ROLE.DB2DBA

    Controls access to CA Chorus for DB2 Database Management functions. CA Chorus Infrastructure Management for Networks and Systems offers data from CA Insight, but the resource is not required for this discipline.

    CHORUS.ROLE.INFRASTRUCTURE

    Controls access to CA Chorus Infrastructure Management for Networks and Systems functions.

    CHORUS.ROLE.SECURITY

    Controls access to CA Chorus for Security and Compliance Management functions (UI and batch).

    CHORUS.ROLE.STORAGE

    Controls access to CA Chorus for Storage Management functions.

    CHORUS.ROLE.SDKinstance

    Controls access to an SDK role. CA Chorus can support multiple SDKs. Work with the system administrator and application developer to define and share this name. We recommend that the application developer use this name to build the files necessary to support the SDK. For more details, see the Software Development Kit User Guide.

    instance

    An alphanumeric string to identify this resource for your SDK.

    CHORUS.SETTINGS.KNOWLEDGECENTER

    Indicates the user can index content in the Knowledge Center.

    CHORUS.SETTINGS.AUTOREFRESH

    Indicates that the user can use the auto-refresh option.

    uid-of-userid1, uid-of-userid2, ..., uid-of-useridn

    Identifies the UID of the CA Chorus user requesting access.

    READ

    Indicates the user has READ access.

  3. Activate the changes that are made to the CAMFC resources:
    SETROPTS RACLIST(CAMFC) REFRESH
    

    The changes are activated.

The user has access to the specified resources and can log in and work in CA Chorus.
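When many users are authorized at once, generating the commands from a reviewed user-to-resource mapping keeps every profile at UACC(NONE), every grant at READ, and the refresh at the end. The following Python script is an added example, not part of the CA Chorus or IBM RACF documentation. The function names, the user IDs USER01 and USER02, the RACF user ID syntax check, the uppercase-only SDK instance pattern, and the choice to issue RDEFINE for SDK roles are assumptions.

```python
import re

CLASS_NAME = "CAMFC"
DISCIPLINES = {"DB2DBA", "INFRASTRUCTURE", "SECURITY", "STORAGE"}
FEATURES = {"CHORUS.SETTINGS.KNOWLEDGECENTER", "CHORUS.SETTINGS.AUTOREFRESH"}
# Assumption: an SDK role is "SDK" followed by an uppercase alphanumeric instance.
SDK_ROLE = re.compile(r"CHORUS\.ROLE\.SDK[A-Z0-9]+")
# Assumption: standard RACF user ID syntax (1-8 characters from A-Z 0-9 # $ @).
USER_ID = re.compile(r"[A-Z0-9#$@]{1,8}")


def is_role(resource):
    """True for CHORUS.ROLE.* resources, which step 1 defines to CAMFC."""
    if SDK_ROLE.fullmatch(resource):
        return True  # assumption: SDK roles are defined like discipline roles
    prefix, _, name = resource.rpartition(".")
    return prefix == "CHORUS.ROLE" and name in DISCIPLINES


def build_commands(grants, already_defined=()):
    """Map {user_id: [resource, ...]} to an ordered list of RACF commands."""
    defines, permits = [], []
    for user, resources in sorted(grants.items()):
        if not USER_ID.fullmatch(user):
            raise ValueError(f"invalid user ID: {user!r}")
        for res in resources:
            if is_role(res):
                # Step 1: define once, no universal access; skip if already defined.
                cmd = f"RDEFINE {CLASS_NAME} {res} UACC(NONE)"
                if res not in already_defined and cmd not in defines:
                    defines.append(cmd)
            elif res not in FEATURES:
                # Refuse names the page does not list instead of granting blindly.
                raise ValueError(f"unknown CA Chorus resource: {res!r}")
            # Step 2: READ is the only access level the procedure grants.
            permits.append(f"PERMIT {res} ID({user}) AC(READ) CLASS({CLASS_NAME})")
    if not permits:
        return []
    # Step 3: one refresh after all changes activates them.
    return defines + permits + [f"SETROPTS RACLIST({CLASS_NAME}) REFRESH"]


if __name__ == "__main__":
    # Constructed sample: USER01 and USER02 are made-up user IDs.
    sample = {"USER01": ["CHORUS.ROLE.SECURITY", "CHORUS.SETTINGS.AUTOREFRESH"],
              "USER02": ["CHORUS.ROLE.SECURITY"]}
    print("\n".join(build_commands(sample)))
```
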

Example

The following commands grant user ABC1 the following abilities: