Previous Topic: PrerequisitesNext Topic: Set Up CA CSM User ID Without UID(0) for CA ACF2 for z/OS

Configuring CA CSMSetting Up CA CSM User ID Without UID(0)Set Up CA CSM User ID Without UID(0) for CA Top Secret for z/OS

Set Up CA CSM User ID Without UID(0) for CA Top Secret for z/OS

Modify this procedure according to your security system settings.

The CA CSM user ID is the ID that is associated with the CA CSM application server.

Follow these steps:

  1. Review the prerequisites.
  2. After the installation of CA CSM finishes, create a group, for example, CACSMGRP with a GID definition in your security system, and specify CACSMGRP to be the default group for the CA CSM user ID and each CA CSM user.
  3. Change the owner and the group by issuing the following commands under SUPERUSER authority: 
    chown -R CA_CSM_USER_ID MSMPATH
chgrp -R CACSMGRP MSMPATH
chown -R CA_CSM_USER_ID MountPath
chgrp -R CACSMGRP MountPath
chown -R CA_CSM_USER_ID RunTimeUSSPath
chgrp -R CACSMGRP RunTimeUSSPath

    where MSMPATH, MountPath, and RunTimeUSSPath are values that are referenced in the MSMSetupOptionsFile.properties file.

    Note: When you issue the commands for RunTimeUSSPath, the following message can appear:

    EDC5129I No such file or directory

    This message is issued against the ioeagfmt file and does not affect command completion in any way. You can ignore this message.

    Important! Also, issue these commands after you run the MSMDEPLY job.

  4. If you plan to run the CA CSM application server as a started task, accomplish relevant configuration settings. For more information, see "Set Up Started Task Security" in the Site Preparation Guide.
  5. Assign the following required IBMFAC class permissions to the CA CSM user ID: 
    IBMFAC BPX.CONSOLE ACCESS(UPDATE)
IBMFAC BPX.SERVER  ACCESS(UPDATE)
IBMFAC BPX.FILEATTR.APF ACCESS(READ)
IBMFAC BPX.FILEATTR.PROGCTL ACCESS(READ)
IBMFAC BPX.FILEATTR.SHARELIB ACCESS(READ)
  6. Assign the following required UNIXPRIV class permissions to the CA CSM user ID: 
    UNIXPRIV SUPERUSER.FILESYS.CHANGEPERMS ACCESS(READ)
UNIXPRIV SUPERUSER.FILESYS.MOUNT ACCESS(UPDATE)
UNIXPRIV SUPERUSER.FILESYS.PFSCTL ACCESS(READ)
  7. Assign the following optional SERVAUTH class permissions, to the CA CSM user ID: 
    SERVAUTH EZB.FTP ACCESS(READ)
SERVAUTH EZB.STACKACCESS ACCESS(READ)
  8. After the first task within CA CSM finishes, issue the following commands under SUPERUSER authority: 
    chown -R CA_CSM_USER_ID MountPath
chgrp -R CACSMGRP MountPath

    where MountPath is a value that is referenced in the MSMSetupOptionsFile.properties file.