Example: Set Up Security for Restricted Users

How to Set Up Security for CA CSM with IBM RACF › How to Set Up User Security › Define the Group Profiles › Example: Set Up Security for Restricted Users

Example: Set Up Security for Restricted Users

You want to define a profile, MSMPRF3, that grants access to the following actions only:

Download product packages.
Install product packages that are downloaded outside of CA CSM.
Migrate an existing SMP/E environment to CA CSM.
Remove knowledge of an SMP/E environment from CA CSM.
Create deployments and deploy them (if they are the owner).
Create and maintain remote systems within the system registry, including profile information.
Implement prepared configurations on remote systems.

Issue the following IBM RACF commands:

ADDGROUP MSMPRF3 DATA(‘CA CSM SMPE’)

RDEFINE CAMSM LOGON UACC(NONE)
RDEFINE CAMSM ADMIN.SETTINGS.USER.* UACC(NONE)
RDEFINE CAMSM SC.@ACTION.INSTPKG UACC(NONE)
RDEFINE CAMSM SMPE.@ACTION.MIGRATE UACC(NONE)
RDEFINE CAMSM SMPE.@ACTION.REMOVECSI UACC(NONE)
RDEFINE CAMSM DEPLOY.@SELF UACC(NONE)
RDEFINE CAMSM SYSREG.* UACC(NONE)
RDEFINE CAMSM METHOD.@DISPLAY UACC(NONE)
RDEFINE CAMSM CONFIG.@ACTION.IMPL UACC(NONE)

PERMIT LOGON CLASS(CAMSM) ID(MSMPRF3) ACCESS(READ)
PERMIT ADMIN.SETTINGS.USER.* CLASS(CAMSM) ID(MSMPRF3) ACCESS(READ)
PERMIT SC.@ACTION.INSTPKG CLASS(CAMSM) ID(MSMPRF3) ACCESS(READ)
PERMIT SMPE.@ACTION.MIGRATE CLASS(CAMSM) ID(MSMPRF3) ACCESS(READ)
PERMIT SMPE.@ACTION.REMOVECSI CLASS(CAMSM) ID(MSMPRF3) ACCESS(READ)
PERMIT DEPLOY.@SELF CLASS(CAMSM) ID(MSMPRF3) ACCESS(READ)
PERMIT SYSREG.* CLASS(CAMSM) ID(MSMPRF3) ACCESS(READ)
PERMIT METHOD.@DISPLAY CLASS(CAMSM) ID(MSMPRF3) ACCESS(READ)
PERMIT CONFIG.@ACTION.IMPL CLASS(CAMSM) ID(MSMPRF3) ACCESS(READ)