Limited Documentation
The following information is not intended to replace nor supersede any information in the RACF documentation for the version being executed. Any samples are not intended to display all features of RACF.
The IBM RACF facility for a z/OS environment supports user-defined resources which can be used by CA Datacom. Changes are required to the CAISSF component of CA Common Services for z/OS. See the CA Common Services for z/OS Installation Guide.
Note: To help ensure proper CICS interface with the IBM RACF product, verify that the DFHSIT macro parameter EXTSEC is coded YES. We also recommend coding the IBM DFHSNT macro parameter EXTSEC=YES. For more information, see IBM documentation.
User resource names in RACF are required to have a special character in the name. The CA Datacom resource names are altered for RACF as follows. The pattern is that the third character in the resource name is replaced with an @ sign.
|
CA Datacom/DB |
RACF |
|
DTSYSTEM |
DT@YSTEM |
|
DTADMIN |
DT@DMIN |
|
DTTABLE |
DT@ABLE |
|
DXTABLE |
DX@ABLE |
|
DCTABLE |
DC@ABLE |
|
DFTABLE |
DF@ABLE |
|
DRTABLE |
DR@ABLE |
|
DSTABLE |
DS@ABLE |
|
DGTABLE |
DG@ABLE |
|
DHTABLE |
DH@ABLE |
|
DPTABLE |
DP@ABLE |
|
DQTABLE |
DQ@ABLE |
|
DTUTIL |
DT@TIL |
Add the resource name definitions (from the previous table) to the RACF Class Descriptor table (ICHERCDE) and to the RACF SAF Router Table (ICHRFRTB). See your RACF documentation for the syntax for these commands.
The RACF resource rights (arranged in hierarchical sequence) for the DTTABLE resource class equate to those for CA Datacom/DB as follows:
|
CA Datacom/DB |
RACF |
|
READ |
READ |
|
UPDATE |
UPDATE |
|
DELETE |
CONTROL |
|
ADD |
ALTER |
RACF authorizations are hierarchical, that is:
Add the specific security rules to secure the CA Datacom resources as defined in the general documentation section earlier in this chapter.
For more information, see Enabling Online Signons.
|
Copyright © 2014 CA.
All rights reserved.
|
|