For the CA, Inc. Event Notification Facility (CAIENF) to spawn the SPAWNPROC defined to the C1DEFLTS table, the task must be defined to your security software package with a corresponding default user ID. Using these definitions, CAIENF will start the spawned task. The task will start under the security context of the default user ID, but then switch security context to that of the user submitting the CA Endevor SCM job.
Important: In the following description ENDEVOR is used as both the SPAWNPROC started task name and its corresponding user ID. If your site already has user ID ENDEVOR defined as the alternate user ID, do not use ENDEVOR for your task name or task user ID. Instead, select a different value. The alternate ID (ALTID) is defined in the C1DEFLTS table as RACFUID=ENDEVOR.
To customize IBM RACF to allow the Concurrent Action Processing started task to initialize correctly, complete the following steps:
Note: For more information, see the IBM RACF Security Administrator Guide.
ADDUSER user_name DFLTGRP(default_group) OWNER(default_group) NOPASSWORD
Specifies the name of the new RACF user ID. This name should be the same as the name of the started task member in your PROCLIB that CAP uses.
Specifies the default group that contains all system started tasks; for example, STCGROUP.
Note: This command is only an example. For more information about using the ADDUSER command, see your RACF administrator.
Note: If you do not know the name of the default group, see your RACF administrator. For detailed information to implement the RACF STARTED class or to modify the started task table (ICHRIN03), see the IBM RACF Security Administrator Guide.
|
Copyright © 2013 CA.
All rights reserved.
|
|