Previous Topic: Set Up SCS Address Space Security in CA Top Secret for z/OSNext Topic: Pass Tickets

SCS Address Space AdministrationSCS Address Space Security SetupSet Up SCS Address Space Security in IBM RACF

Set Up SCS Address Space Security in IBM RACF

If you are using IBM RACF, set up security in the SCS address space.

Note: If you have already defined and activated the CAMSM resource class in IBM RACF, you can skip steps 1 through 4.

Follow these steps:

  1. Issue the SETROPTS LIST command to verify that the CDT resource appears within both the CLASSACT and RACLIST list of entries.
  2. Define the generic profile: 
    RDEFINE CDT CAMSM UACC(NONE) CDTINFO(GENERIC,MAXLENGTH(246) POSIT(nnn) OTHER(ALPHA,NATIONAL,NUMERIC,SPECIAL) RACLIST(ALLOWED))
    nnn

    Defines a posit number that does not conflict with IBM reserved values.

    Note: For more information about posit numbers, see the IBM Server RACF Command Language Reference.

    The generic profile is defined.

  3. Make the generic profile changes take effect: 
    SETROPTS RACLIST(CDT) REFRESH
  4. Activate the CAMSM class: 
    SETROPTS RACLIST(CAMSM) CLASSACT(CAMSM)
  5. Define the resource profiles within the CAMSM class: 
    RDEFINE CAMSM SCSAS.CONNECT UACC(NONE)
  6. Permit the resource to a user: 
    PERMIT SCSAS.CONNECT CLASS(CAMSM) ID(userid) ACCESS(READ)
    userid

    Specifies the user ID assigned to the SCS address space.

  7. (Optional) If the CAMSM class is RACLISTed, refresh the class: 
    SETROPTS RACLIST(CAMSM) REFRESH