How to Set Up Security for CA CSM with IBM RACF › How to Set Up SCS Address Space Security › Set Up SCS Address Space Security

Set Up SCS Address Space Security

Set up security for the SCS address space in IBM RACF.

Note: If you have already defined and activated the CAMSM resource class in IBM RACF, you can skip steps 1 through 4.

Follow these steps:

1. Issue the STEROPTS LIST command to verify that the CDT resource appears within both the CLASSACT and RACLIST list of entries.
2. Issue the following command to define the generic profile:

   RDEFINE CDT CAMSM UACC(NONE) CDTINFO(GENERIC,MAXLENGTH(246) POSIT(nnn) OTHER(ALPHA,NATIONAL,NUMERIC,SPECIAL) RACLIST(ALLOWED))
   

   nnn

   Defines a posit number that does not conflict with IBM reserved values.

   Note: For more information about posit numbers, see the IBM Server RACF Command Language Reference.

   The generic profile is defined.

3. Enter the following command to make the generic profile changes take effect:

   SETROPTS RACLIST(CDT) REFRESH
   

4. Enter the following command to activate the CAMSM class:

   SETROPTS RACLIST(CAMSM) CLASSACT(CAMSM)
   

5. Enter the following command to define the resource profiles within the CAMSM class:

   RDEFINE CAMSM SCSAS.CONNECT UACC(NONE)
   

6. Enter the following command to permit the resource to a user:

   PERMIT SCSAS.CONNECT CLASS(CAMSM) ID(userid) ACCESS(READ)
   

   userid

   Specifies the user ID assigned to the SCS address space.

7. (Optional) If the CAMSM class is RACLISTed, enter the following command to refresh the class:

   SETROPTS RACLIST(CAMSM) REFRESH