Previous Topic: Activate Miscellaneous Security FeaturesNext Topic: Install USERMOD5


Parmlib Security — PARMAUTH

To restrict your users to a list of authorized CA Disk parmlibs or to activate the Storage Administrator’s FACILITY Class Profiles, activate the Security Feature by installing user exit USERMOD5 as follows:

  1. Locate the source for the Parmlib Security Feature in member PARMAUTH, located in the library associated with the CCUWSAMP DDDEF. The following illustration is a sample source for PARMAUTH:
    PARMAUTH TITLE 'CA Disk SYSTEM PARAMETER DATA SET SECURITY'          
    ***********************************************************************
             COMPILE ASEM=RENT,LKED=RENT                                  *
    *                                                                     *
    * DESCRIPTION:                                                        *
    *    THIS IS A SAMPLE USERMOD USED TO TAILOR SYSPARM DATA SET         *
    *    SPECIFICATION SECURITY.                  .                       *
    *                                                                     *
    *    READ THE PARMAUTH-MACRO PROLOG FOR SPECIFICATIONS OF OPTIONS     *
    *    YOU MAY OVERRIDE.                                                *
    *                                                                     *
    PARMAUTH PARMAUTH SECURITY=NO,                                        X
                   SECURLIB=SYS1.PARMLIB,                                 X
                   SECURTBL=ZDMSPARM,                                 @001X
                   STGADMIN=NO,                                       @001X
                   STGADLIB=SYS1.PARMLIB,                             @001X
                   STGADTBL=ZDMSSTGA                                  @001
             END
    
  2. To ensure that the changes you make to PARMAUTH are protected during future CA Disk installs or maintenance, copy this member into the source library associated with the //USERASM dd statement in USERMOD5.
  3. Customize PARMAUTH as follows:
  4. Create member to store your authorized parmlibs. The data set must match that specified for SECURLIB=, and the member must match that specified for SECURTBL=.

    If you allowed SECURLIB= to remain at its default value, you must create the member ZDMSPARM in your cataloged SYS1.PARMLIB data set.

    To create a list of authorized parmlibs, use the sample SAMPZDMS in PARMLIB.

    To prevent a security exposure, only cataloged CA Disk parmlibs can be authorized. If a user creates an uncataloged parmlib, then tries to use the parmlib using the VOL=SER= parameter, CA Disk notes that the parmlib is uncataloged or incorrectly cataloged, issues a descriptive message and abends.

    Note: If you are installing a new release and have created a test parmlib, include this test parmlib in the list. If you want to keep your production users from using your test parmlib, instruct your security package to restrict access.