The product for which you are installing CAISSF has product‑specific classnames that are installed into RACF or the RACF‑compatible product. See your product‑specific documentation for information about the required classnames. The product classnames must be added to the RACF class descriptor table, ICHRRCDE, and to the RACF SAF router table, ICHRFRTB.
The following examples display what you code. The examples use classname CACMD. The product that is using CAISSF does not always require this classname.
Note: Control statements can be continued on the next line when a dash (-) is placed at the end of the line to be continued.
Example 1: Class Descriptor Table Entry for CACMD
CACMD ICHERCDE CLASS=CA@MD, -
{GROUP=DFTGRP,} -
MAXLNTH=8, -
FIRST=ALPHANUM, -
OTHER=ANY, -
OPER=NO, -
DFTUACC=NONE, -
ID=CLASS_NUMBER, -
POSIT=19-255
Example 2: SAF Router Table Entry for CACMD
CACMD ICHRFRTB CLASS=CA@MD, -
ACTION=RACF
Initially the RACFLIST member does not exist. Create the RACFLIST member and update it to contain the RACFCLASS control statements if modifications to the defaults are required.
CCS previously distributed CAS9SAFC and CAS9RACL as load modules and sample source code. You could modify the security tables within these modules to meet certain needs. These modules are no longer being distributed and the security tables have been removed from them. CAIRIM now dynamically creates the security table. CAIRIM has new parameters that can be used to customize the dynamic table.
Create a member in a parameter library of your choice. The member name can be anything that fits your company standards. The default for the library is CAI.CAW0OPTN and the default for the member name is RACFLIST. The CAS9 procedure contains the following DD statement:
//*CAIRACF DD DISP=SHR,DSN=&CAW0OPTN(RACFLIST)
To match your requirements, uncomment the statement and update the DSN and member name.
The dynamic table contains the following entries:
|
CA Solution Class Name |
Translated Class Name |
FASTAUTH |
Used by CICS |
|---|---|---|---|
|
ACAPPL |
AC@PPL |
|
|
|
ACCBPROC |
AC@BPROC |
|
|
|
ACDIALOG |
AC@DLG |
|
|
|
ACLIST |
AC@LST |
|
|
|
ACMSG |
AC@SG |
|
|
|
ACPANEL |
AC@ANEL |
|
|
|
ACREPORT |
AC@EPORT |
|
|
|
ACSQL |
AC@QL |
|
|
|
CAADMIN |
CA@DMIN |
YES |
|
|
CACCFDSN |
CA@SNCCF |
|
|
|
CACCFMEM |
CA@EMCCF |
|
|
|
CACMD |
CA@MD |
YES |
YES |
|
CADDS |
CA$DS |
YES |
|
|
CADOC |
CA@OC |
|
|
|
CALENDAR |
CA@ENDAR |
YES |
|
|
CALIBMEM |
CA@IBMEM |
|
|
|
CAREPORT |
CA@EPORT |
YES |
|
|
CATAPE |
CA@APE |
YES |
|
|
CAVAPPL |
CA@APPL |
|
|
|
DATETAB |
DA@ETAB |
|
|
|
DCTABLE |
DC@ABLE |
YES |
|
|
DFTABLE |
DF@ABLE |
YES |
|
|
DOCVIEW |
DOCVIEW |
YES |
|
|
DRTABLE |
DR@ABLE |
YES |
|
|
DSTABLE |
DS@ABLE |
YES |
|
|
DTADMIN |
DT@DMIN |
YES |
|
|
DTSYSTEM |
DT@YSTEM |
YES |
|
|
DTTABLE |
DT@ABLE |
YES |
|
|
DTUTIL |
DT@TIL |
YES |
|
|
DUC |
TD$CTRN |
YES |
|
|
DXTABLE |
DX@ABLE |
YES |
|
|
JOBNAME |
JO@NAME |
|
|
|
MICCMD |
MI@CMD |
YES |
|
|
OPCMD |
OP@MD |
YES |
|
|
PANEL |
PA@EL |
YES |
|
|
RECIPID |
RE@IPID |
YES |
|
|
SCHEDULE |
SC@EDULE |
|
|
|
STATION |
ST@TION |
|
|
|
SUBMIT |
SU@MIT |
|
|
|
UNVEDIT |
UN@EDIT |
|
|
|
UNVRPRT |
UN@RPRT |
|
|
|
UNVPGM |
UN@PGM |
|
|
|
VMANAPPL |
VM@NAPPL |
|
|
|
VTRMNODE |
VT@MNODE |
|
|
Update the table with control statements as needed based on your past customizations.
Example
To change the CACMD entry to disable the fast RACF Check and to use CAADMIN under CICS, create a member with the following control statements:
RACFCLASS CACMD,CA@MD,FASTAUTH=NO RACFCLASS CAADMIN,CA@DMIN,FASTAUTH=YES,CICS=YES
To update RACF Class table entries, uncomment the CAIRACF DD statement in the CAS9 procedure that points to the RACFLIST member.
|
Copyright © 2015 CA Technologies.
All rights reserved.
|
|