Previous Topic: Example: Set Up Security for Administrators

Next Topic: Example: Set Up Security for Restricted Users

How to Set Up Security for CA CSM with CA ACF2 for z/OSHow to Set Up User SecurityExample: Set Up Security for Users

Example: Set Up Security for Users

You want to grant the user, MSMUSR2, access to all user actions, but the user can only access the SANDBOX system within the environment. A user with this setup cannot manage system or other users' settings, modify the system registry, nor create methodologies. The user can create deployments that are targeted for the SANDBOX system and can use methodologies that other CA CSM users defined. The user can create configurations that are targeted for the SANDBOX remote system using system profile values already defined, but cannot implement those configurations.

Issue the following CA ACF2 for z/OS commands:

SET R(MSM)
COMPILE STORE
$KEY(LOGON) TYPE(MSM)
UID(*****MSMUSR2)                     SERVICE(READ)   ALLOW


SET R(MSM)
COMPILE STORE
$KEY(ADMIN) TYPE(MSM)
SETTINGS.USER.-   UID(*****MSMUSR2)   SERVICE(READ)   ALLOW
LMPKEY.-          UID(*****MSMUSR2)   SERVICE(READ)   ALLOW


SET R(MSM)
COMPILE STORE
$KEY(SC) TYPE(MSM)
@ACTION.-         UID(*****MSMUSR2)   SERVICE(READ)   ALLOW


SET R(MSM)
COMPILE STORE
$KEY(SMPE) TYPE(MSM)
@ACTION.-         UID(*****MSMUSR2)   SERVICE(READ)   ALLOW


SET R(MSM)
COMPILE STORE
$KEY(SYSREG) TYPE(MSM)
@DISPLAY.-        UID(*****MSMUSR2)   SERVICE(READ)   ALLOW
@PROFILE.DISPLAY  UID(*****MSMUSR2)   SERVICE(READ)   ALLOW
@SYSTEM.SANDBOX   UID(*****MSMUSR2)   SERVICE(READ)   ALLOW


SET R(MSM)
COMPILE STORE
$KEY(METHOD) TYPE(MSM)
@DISPLAY.-        UID(*****MSMUSR2)   SERVICE(READ)   ALLOW


SET R(MSM)
COMPILE STORE
$KEY(DEPLOY) TYPE(MSM)
@DISPLAY.-        UID(*****MSMUSR2)   SERVICE(READ)   ALLOW
@BUILD.-          UID(*****MSMUSR2)   SERVICE(READ)   ALLOW
@EXECUTE.-        UID(*****MSMUSR2)   SERVICE(READ)   ALLOW


SET R(MSM)
COMPILE STORE
$KEY(CONFIG) TYPE(MSM)
@DISPLAY.-        UID(*****MSMUSR2)   SERVICE(READ)   ALLOW
@ACTION.CREATE    UID(*****MSMUSR2)   SERVICE(READ)   ALLOW
@ACTION.REMOVE    UID(*****MSMUSR2)   SERVICE(READ)   ALLOW