CA CSM uses resource profiles in the CAMSM resource class to grant access to resources on the web-based interface. You use these profiles to configure user security. If you plan to enable security checking for CA CSM functionality, your security administrator must configure the security before users access the web-based interface.
The default name of the SAF resource class is CAMSM. You can change the resource class name during CA CSM installation. To change the name, edit the safResourceClass keyword in the CA CSM options file.
If you want to change the setting after CA CSM is installed and set up, you can update the following statement in the SAMPLIB(MSMLIB) member:
IJO="$IJO-Dsaf.resource.class=saf_resource_class_name"
The safSecurity keyword in the CA CSM options file controls whether SAF resources are used to control access to CA CSM functions. If you want to change the setting after CA CSM is installed and set up, you can update the following statement in the SAMPLIB(MSMLIB) member. The value, false, disables security; and the value, true, enables security.
IJO="$IJO -Dactivate.saf.manager=false_or_true"
Important! If CA CSM fails to start with SAF security enabled, the following error is displayed in the CA CSM job log:
SafError - Error during DSI java open. RC=13
The resource profiles provide granular access to resources. However, for a start, configure security for two generic roles, administrator and general user.
Follow these steps:
The users are secured for various roles.
The configured security takes effect.
Note: We recommend that you use the same credentials that are used for performing product management work before CA CSM. Using the same credentials ensures that you have the same access rights within CA CSM that you have through TSO, BATCH, ISPF, and SMP/E.
For a change to user security privileges to take effect, recycle the CA CSM application server.
|
Copyright © 2015 CA Technologies.
All rights reserved.
|
|