Configuring Your Product › Activate the CA Disk System › Activate CA Disk Features › Activate Miscellaneous Security Features › Parmlib Security — PARMAUTH

Parmlib Security — PARMAUTH

To restrict your users to a list of authorized CA Disk parmlibs or to activate the Storage Administrator’s FACILITY Class Profiles, activate the Security Feature by installing user exit USERMOD5 as follows:

1. Locate the source for the Parmlib Security Feature in member PARMAUTH, located in the library associated with the CCUWSAMP DDDEF. The following illustration is a sample source for PARMAUTH:

   PARMAUTH TITLE 'CA Disk SYSTEM PARAMETER DATA SET SECURITY'          
   ***********************************************************************
            COMPILE ASEM=RENT,LKED=RENT                                  *
   *                                                                     *
   * DESCRIPTION:                                                        *
   *    THIS IS A SAMPLE USERMOD USED TO TAILOR SYSPARM DATA SET         *
   *    SPECIFICATION SECURITY.                  .                       *
   *                                                                     *
   *    READ THE PARMAUTH-MACRO PROLOG FOR SPECIFICATIONS OF OPTIONS     *
   *    YOU MAY OVERRIDE.                                                *
   *                                                                     *
   PARMAUTH PARMAUTH SECURITY=NO,                                        X
                  SECURLIB=SYS1.PARMLIB,                                 X
                  SECURTBL=ZDMSPARM,                                 @001X
                  STGADMIN=NO,                                       @001X
                  STGADLIB=SYS1.PARMLIB,                             @001X
                  STGADTBL=ZDMSSTGA                                  @001
            END
   

2. To ensure that the changes you make to PARMAUTH are protected during future CA Disk installs or maintenance, copy this member into the source library associated with the //USERASM dd statement in USERMOD5.
3. Customize PARMAUTH as follows:
   • Activate the Parmlib Security Feature by specifying, YES to the SECURITY= parameter. The default is NO, which deactivates the feature.
   • Alter the SECURLIB= parameter as required. The value you specify is the name of the data set that stores the list of authorized parmlibs. The default is SYS1.PARMLIB. However, this can be any highly protected library available to CA Disk, TSO, and ISPF users with an LRECL of 80.
   • Alter the SECURTBL= parameter as required. The value you specify is the name of the member that stores the actual list of authorized parmlibs. The default is ZDMSPARMS.
   • Activate Storage Administer FACILITY Class Profiles by specifying, YES or LIBRARY to the STGADMIN= parameter. The default is NO, which deactivates the feature.
   • Specifying YES causes CA Disk to search for the specified Table in the active PARMLIB with the name specified in the STGADTBL parameter. The member must reside in an authorized PARMLIB and requires that the SECURITY parameter be specified as YES.
   • Specifying LIBRARY to the STGADMIN parameter will cause CA Disk to search for the specified Table in the Library specified in STGADLIB. This option does not require PARMLIB Security to be activated.

     Note: If you are currently running with PARMLIB Security deactivated and you want to activate Storage Administration FACILITY Class Profiles; you can use the LIBRARY option. The YES option requires a set of profiles in each Parmlib concatenation. Though this is very flexible, it is harder to administer and can be misused.

   • Alter the STGADLIB= parameter, as required. Specify the name of the partitioned data set that stores the list of Functions and the corresponding FACILITY class profile. The default is SYS1.PARMLIB. However, CA Disk, TSO, and ISPF users with an LRECL of 80 can read any highly protected library, which is available.
   • Alter the STGADTBL= parameter as required. Specify the name of the member that stores the actual list of Functions and the corresponding FACILITY class profile.
   • The default is ZDMSSTGA. The distribution PARMLIB provides a sample member under the name SAMPZADM. The format of the table is documented in the chapter "PARMLIB" in the Systems Guide.
   • Save your work by issuing SAVE at the TSO command line.
4. Create member to store your authorized parmlibs. The data set must match that specified for SECURLIB=, and the member must match that specified for SECURTBL=.

   If you allowed SECURLIB= to remain at its default value, you must create the member ZDMSPARM in your cataloged SYS1.PARMLIB data set.

   To create a list of authorized parmlibs, use the sample SAMPZDMS in PARMLIB.

   To prevent a security exposure, only cataloged CA Disk parmlibs can be authorized. If a user creates an uncataloged parmlib, then tries to use the parmlib using the VOL=SER= parameter, CA Disk notes that the parmlib is uncataloged or incorrectly cataloged, issues a descriptive message and abends.

   Note: If you are installing a new release and have created a test parmlib, include this test parmlib in the list. If you want to keep your production users from using your test parmlib, instruct your security package to restrict access.