You want to define a profile, MSMPRF2, that grants access to all user actions, but the user can only access the SANDBOX system within the environment. A user with this profile cannot manage system or other users' settings, modify the system registry, or create methodologies. The user can create deployments that are targeted for the SANDBOX system and can use methodologies that other CA CSM users defined. The user can create configurations that are targeted for the SANDBOX remote system using system profile values already defined, but cannot implement those configurations.
Issue the following IBM RACF commands:
ADDGROUP MSMPRF2 DATA('CA CSM USER')
RDEFINE CAMSM LOGON UACC(NONE)
RDEFINE CAMSM ADMIN.SETTINGS.USER.* UACC(NONE)
RDEFINE CAMSM ADMIN.LMPKEY.* UACC(NONE)
RDEFINE CAMSM SC.@ACTION.* UACC(NONE)
RDEFINE CAMSM SMPE.@ACTION.* UACC(NONE)
RDEFINE CAMSM SYSREG.@DISPLAY UACC(NONE)
RDEFINE CAMSM SYSREG.@PROFILE.DISPLAY UACC(NONE)
RDEFINE CAMSM SYSREG.@SYSTEM.SANDBOX UACC(NONE)
RDEFINE CAMSM METHOD.@DISPLAY UACC(NONE)
RDEFINE CAMSM DEPLOY.* UACC(NONE)
RDEFINE CAMSM CONFIG.@DISPLAY UACC(NONE)
RDEFINE CAMSM CONFIG.@ACTION.CREATE UACC(NONE)
RDEFINE CAMSM CONFIG.@ACTION.REMOVE UACC(NONE)
PERMIT LOGON CLASS(CAMSM) ID(MSMPRF2) ACCESS(READ)
PERMIT ADMIN.SETTINGS.USER.* CLASS(CAMSM) ID(MSMPRF2) ACCESS(READ)
PERMIT ADMIN.LMPKEY.* CLASS(CAMSM) ID(MSMPRF2) ACCESS(READ)
PERMIT SC.@ACTION.* CLASS(CAMSM) ID(MSMPRF2) ACCESS(READ)
PERMIT SMPE.@ACTION.* CLASS(CAMSM) ID(MSMPRF2) ACCESS(READ)
PERMIT SYSREG.@DISPLAY CLASS(CAMSM) ID(MSMPRF2) ACCESS(READ)
PERMIT SYSREG.@PROFILE.DISPLAY CLASS(CAMSM) ID(MSMPRF2) ACCESS(READ)
PERMIT SYSREG.@SYSTEM.SANDBOX CLASS(CAMSM) ID(MSMPRF2) ACCESS(READ)
PERMIT METHOD.@DISPLAY CLASS(CAMSM) ID(MSMPRF2) ACCESS(READ)
PERMIT DEPLOY.* CLASS(CAMSM) ID(MSMPRF2) ACCESS(READ)
PERMIT CONFIG.@DISPLAY CLASS(CAMSM) ID(MSMPRF2) ACCESS(READ)
PERMIT CONFIG.@ACTION.CREATE CLASS(CAMSM) ID(MSMPRF2) ACCESS(READ)
PERMIT CONFIG.@ACTION.REMOVE CLASS(CAMSM) ID(MSMPRF2) ACCESS(READ)
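Because every resource is defined with UACC(NONE), the group can reach a resource only where a PERMIT names it, so a command list like this is worth checking for defines and permits that do not pair up before it is run. The following Python check is an added example, not part of the CA CSM documentation; the `audit` function and the sample script are constructed for illustration, and the sample deliberately omits one PERMIT.

```python
import re

# Constructed sample in the shape of the commands above. The PERMIT for
# SYSREG.@SYSTEM.SANDBOX is left out on purpose to show what gets reported.
SAMPLE = """\
ADDGROUP MSMPRF2 DATA('CA CSM USER')
RDEFINE CAMSM LOGON UACC(NONE)
RDEFINE CAMSM SYSREG.@DISPLAY UACC(NONE)
RDEFINE CAMSM SYSREG.@SYSTEM.SANDBOX UACC(NONE)
RDEFINE CAMSM DEPLOY.* UACC(NONE)
PERMIT LOGON CLASS(CAMSM) ID(MSMPRF2) ACCESS(READ)
PERMIT SYSREG.@DISPLAY CLASS(CAMSM) ID(MSMPRF2) ACCESS(READ)
PERMIT DEPLOY.* CLASS(CAMSM) ID(MSMPRF2) ACCESS(READ)
PERMIT CONFIG.@DISPLAY CLASS(CAMSM) ID(MSMPRF2) ACCESS(READ)
"""

RDEFINE_RE = re.compile(r"^\s*RDEFINE\s+(\S+)\s+(\S+)(.*)$", re.I)
PERMIT_RE = re.compile(r"^\s*PERMIT\s+(\S+)\s+(.*)$", re.I)

def _operand(text, keyword):
    """Return the upper-cased value of KEYWORD(value), or None if absent."""
    m = re.search(rf"\b{keyword}\(([^)]*)\)", text, re.I)
    return m.group(1).upper() if m else None

def audit(script, group, resource_class="CAMSM"):
    """Return (defined_without_permit, permit_without_define, uacc_not_none)."""
    cls_wanted, group = resource_class.upper(), group.upper()
    defined, permitted, open_uacc = [], [], []
    for line in script.splitlines():
        if m := RDEFINE_RE.match(line):
            cls, profile, rest = m.group(1).upper(), m.group(2).upper(), m.group(3)
            if cls == cls_wanted:
                defined.append(profile)
                # A missing UACC operand is flagged too: the default may not be NONE.
                if _operand(rest, "UACC") != "NONE":
                    open_uacc.append(profile)
        elif m := PERMIT_RE.match(line):
            profile, rest = m.group(1).upper(), m.group(2)
            ids = (_operand(rest, "ID") or "").replace(",", " ").split()
            if (_operand(rest, "CLASS") == cls_wanted and group in ids
                    and _operand(rest, "ACCESS") not in (None, "NONE")):
                permitted.append(profile)
    missing = [p for p in defined if p not in permitted]
    orphan = [p for p in permitted if p not in defined]
    return missing, orphan, open_uacc

if __name__ == "__main__":
    for label, found in zip(("defined, no PERMIT", "PERMIT, no RDEFINE",
                             "UACC not NONE"), audit(SAMPLE, "MSMPRF2")):
        print(f"{label}: {found}")
```

A profile reported as defined without a PERMIT is one the group is locked out of; a PERMIT without an RDEFINE in the same script relies on a profile created elsewhere, which should be confirmed before the list is issued.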
Copyright © 2013 CA. All rights reserved.