How to Configure PassTicket for CA Insight Database Performance Monitor › Configure PassTicket in ESM › Example: Use IBM RACF to Configure PassTicket

Example: Use IBM RACF to Configure PassTicket

Note: This example is provided as a guideline. For detailed information about using these commands, see the IBM RACF product documentation.

You want to configure PassTicket for the DB2TOOLS application. DB2TOOLS is the application name (appl_name) that is used in this example.

Follow these steps:

1. Define the DB2TOOLS application by entering the following commands:

   RDEFINE APPL DB2TOOLS UACC(NONE)
   SETROPTS CLASSACT(APPL)
   SETROPTS GENERIC(PTKTDATA)
   

2. Activate the PassTicket class if it is not currently active:

   SETROPTS CLASSACT(PTKTDATA) RACLIST(PTKTDATA)
   

3. Define a profile that associates a session key with DB2TOOLS:

   RDEFINE PTKTDATA DB2TOOLS SSIGNON(KEYMASKED(session_key)) APPLDATA('NO REPLAY PROTECTION')
   

   session_key

   Defines a session (encryption) key using 16 hexadecimal digits (creating an 8-byte or 64-bit key). Use a site-specific key value. Keep the value secret.

   Example: 0123456789ABCDEF

   The profile and CA Insight DPM session key are defined. The same PassTicket can be reused multiple times.

4. Enable the WILYZOS job to generate PassTicket for the DB2TOOLS application:

   RDEFINE PTKTDATA IRRPTAUTH.DB2TOOLS.* UACC(NONE)
   PERMIT IRRPTAUTH.DB2TOOLS.* ID(wilyzos_user_id) CLASS(PTKTDATA) ACCESS(UPDATE)
   

5. Permit access to the DB2TOOLS application for each user that is permitted to access the CA Insight DPM data:

   PERMIT DB2TOOLS CLASS(APPL) ID(wilyzos_user_id) ACCESS(READ)
   PERMIT DB2TOOLS CLASS(APPL) ID(useridn)
   

   useridn

   Specifies the user ID of the user requesting access to CA Cross-Enterprise APM.

6. Refresh the APPL and PTKTDATA classes with the following commands:

   SETROPTS RACLIST(APPL) REFRESH
   SETROPTS RACLIST(PTKTDATA) REFRESH
   

The WILYZOS job can generate PassTicket for the specified user IDs.