Beginning with CA Common Services (CCS) Version 14.1, changes to the CAS9SAFC resource translation table entries are performed using a new enhanced method. It is done using a CAS9 startup data set identified by a //CAIRACF DD statement instead of having to change, assemble and link edit the CCS CAS9SAFC source module. The data set can be a sequential data set or a PDS. In either case the LRECL must be 80. The appropriate overrides for the CA Datacom core product components are located in the SMP/E CABDSAMP library member CAS9SAFC. The CABDSAMP CAS9SAFC member can either be reference directly in the CCS CAS9 startup JCL or copied to a different data set.
For more information see the Version 14.1 CA Common Services Administration Guide. Below is a sample CAS9 startup JCL CAIRACF DD statement showing the direct reference method.
//CAIRACF DD DISP=SHR,DSN=CAI.SHLQ.CABDSAMP(CAS9SAFC)
?
The CAI.SHLQ.CABDSAMP(CAS9SAFC) member contents are as follows:
RACFCLASS DTSYSTEM,DT@YSTEM,FASTAUTH=NO,CICS=YES
RACFCLASS DTADMIN,DT@DMIN,FASTAUTH=NO,CICS=YES
RACFCLASS DTUTIL,DT@TIL,FASTAUTH=NO,CICS=YES
RACFCLASS DTTABLE,DT@ABLE,FASTAUTH=NO,CICS=YES
RACFCLASS DGTABLE,DG@ABLE,FASTAUTH=NO,CICS=YES
RACFCLASS DXTABLE,DX@ABLE,FASTAUTH=NO,CICS=YES
RACFCLASS DCTABLE,DC@ABLE,FASTAUTH=NO,CICS=YES
RACFCLASS DFTABLE,DF@ABLE,FASTAUTH=NO,CICS=YES
RACFCLASS DRTABLE,DR@ABLE,FASTAUTH=NO,CICS=YES
RACFCLASS DSTABLE,DS@ABLE,FASTAUTH=NO,CICS=YES
RACFCLASS DGTABLE,DG@ABLE,FASTAUTH=NO,CICS=YES
RACFCLASS DHTABLE,DH@ABLE,FASTAUTH=NO,CICS=YES
RACFCLASS DPTABLE,DP@ABLE,FASTAUTH=NO,CICS=YES
RACFCLASS DQTABLE,DQ@ABLE,FASTAUTH=NO,CICS=YES
For CA Common Services (CCS) Versions prior to 14.1, change the resource translation table in the CCS provided CAS9SAFC source member to indicate that a RACCHECK rather than FRACCHECK should be issued.
The following steps describe the necessary changes to the CAS9SAFC source for this option:
For Security Level 1, the DC Statement is as follows:
C'DTSYSTEM',C'DT@YSTEM',X'00',X'00',X'00',X'00' C'DTADMIN ',C'DT@DMIN ',X'00',X'00',X'00',X'00' C'DTUTIL ',C'DT@TIL ',X'00',X'00',X'00',X'00' C'DTTABLE ',C'DT@ABLE ',X'00',X'00',X'00',X'00'
For Security Level 2 the DC Statement is the same as for Level1, plus the following:
C'DXTABLE ',C'DX@ABLE ',X'00',X'00',X'00',X'00'
For Security Level 3 the DC Statement is the same as for Level1, and Level2, plus the following:
C'DCTABLE ',C'DC@ABLE ',X'00',X'00',X'00',X'00' C'DFTABLE ',C'DF@ABLE ',X'00',X'00',X'00',X'00' C'DRTABLE ',C'DR@ABLE ',X'00',X'00',X'00',X'00' C'DSTABLE ',C'DS@ABLE ',X'00',X'00',X'00',X'00'
For Security Level 4 the DC Statement is the same as for Level3.
For Security Level 5 the DC Statement is the same as for Level1, Level2, and Level3, plus the following:
C'DGTABLE ',C'DG@ABLE ',X'00',X'00',X'00',X'00' C'DHTABLE ',C'DH@ABLE ',X'00',X'00',X'00',X'00' C'DPTABLE ',C'DP@ABLE ',X'00',X'00',X'00',X'00' C'DQTABLE ',C'DQ@ABLE ',X'00',X'00',X'00',X'00'
This option requires a reassembly of the CAS9SAFC module. The standard that CA uses is to apply a USERMOD named CAS9MOD which has a ++MOD for CAS9SAFC. The CA Common Services for z/OS installation guide documents this process under the section on Customizing CAISSF for RACF or RACF-Compatible Products. Member CAS9CSSF documented in the CA Common Services for z/OS Installation Guide contains the code for the RECEIVE and APPLY. With each maintenance cycle for CAIRIM, restore CAS9MOD before the maintenance APPLY and then reimplement the source changes before reapplying the USERMOD.
|
Copyright © 2014 CA.
All rights reserved.
|
|