Addressing Security Requirements

Addressing Security Requirements

This section contains the following topics:

Installer Security Privileges

Configure Data Source Requirements

Run the CA Chorus Infrastructure Management Discipline Security Jobs

Installer Security Privileges

Before you begin the installation process, verify that the CA Chorus Infrastructure Management installer user ID has the following security privileges defined:

• For UNIX System Services:
  • (Optional) Ability to manipulate zFS data sets. This ability requires UPDATE authority to the appropriate entities within the FSACCESS class. Commented out by default.
    • FSACCESS lets you secure access to a ZFS file system container (that is, a data set). The resource name is the ZFS file system name.
    • For example, if you defined a ZFS file system named OMVS.ZFS.WEBSRV.TOOLS and then created directories U1 and U2 with files in the directories, a resource check for class FSACCESS resource OMVS.ZFS.WEBSRV.TOOLS would occur when a user tries to access a file in directory U1 or U2 in the ZFS file system. For more details, see the applicable security product documentation.
  • A valid OMVS definition and the installer user ID has a valid UID that is not UID(0).
  • Superuser authority.
  • READ access to the following resources in the FACILITY class:
    • (Optional) BPX.SUPERUSER
    • (Optional) BPX.FILEATTR.APF
    • (Optional) BPX.FILEATTR.PROGCTL
    • (Optional) BPX.FILEATTR.SHARELIB
    • (Optional) BPX.SERVER
    • SUPERUSER.FILESYS.PFSCTL profile in UNIXPRIV resource class
    • GROUP (GID) installation group (Default: CHORGRP)
• For z/OS:
  • Authority to create, update, and execute from the installation data sets and libraries.
  • Authority to execute the commands to manipulate the external security manager (CA ACF2, CA Top Secret, or IBM RACF) database.
• For DB2, SYSADM authority is required to execute DB2 catalog and product customization tasks for CA Insight DPM.