Previous Topic: Addressing Security RequirementsNext Topic: Run the CA Chorus Infrastructure Management Discipline Security Jobs

Addressing Security RequirementsConfigure Data Source Requirements

Configure Data Source Requirements

To authorize CA Chorus Infrastructure Management users to work with the data sources, complete the following tasks.

Note: If you have already completed a task as part of configuring a different CA Chorus discipline, you do not have to redefine it for this discipline.

Follow these steps:

  1. If CA NetMaster NM for TCP/IP has not previously used PassTicket, then update the RAPPL SXCTL parameter in the CA NetMaster NM for TCP/IP region as CHORWEBS. Otherwise, if CA NetMaster NM for TCP/IP has previously used PassTicket or CHORWEBS is not a suitable value, then use a FAWI095x security job to activate PassTicket support.

    When using PassTicket, the CA NetMaster NM for TCP/IP region identifies itself to the security systems, CA ACF2, CA Top Secret, or IBM RACF, with the application ID of applid. The region must use a security exit that specifies the RACROUTE APPL parameter. applid is the value of that parameter.

    CHORWEBS is the default application ID for which PassTickets are generated for CA Chorus users.

    Note: For more information about CHORWEBS and PassTicket, see CA Chorus Site Preparation Guide.

    The region must not specify SEC=NO in TESTEXEC(RUNSYSIN). If you use the distributed security exit (for example, SEC=NMSAF), the RAPPL SXCTL parameter specifies the APPL value. The default is the primary VTAM ACB name of the region (PRI value in RUNSYSIN).

    Note: For more information, see the CA Mainframe Network Management Security Guide.

  2. Define the users as network operators in the CA NetMaster NM for TCP/IP region to which CA Chorus sends requests. These definitions include the CA Chorus ancillary user ID (default CHORTHD).

    If the region specifies SEC=NMSAF and the region uses the MODEL user facility, configure the following SXCTL parameter: WEBMODEL=YES.

  3. To view DB2 subsystem data from CA Chorus Infrastructure Management, the users require EXECUTE authority on the CA Insight DPM product plans.

    Note: For more information about using the Product Authorizations Facility to assign this right, see the CA Database Management Solutions for DB2 for z/OS General Facilities Reference Guide.