Preparing the IBM Communications Server › User Functionality Authorization

User Functionality Authorization

Note: If you are using CA ACF2 for z/OS, you do not need to perform this task unless it is set up to protect operator commands.

Your product uses z/OS operator VARY commands to drop connections. The user ID associated with your product region must be authorized by your security system to issue these commands.

The OPERCMDS resource to be accessed with UPDATE access level is MVS.VARY.TCPIP.DROP OPERCMDS.

Authorize individual users to the OPERCMDS resources if you:

• Plan to configure your system to use SAF user security
• Are using a partial security exit that returns a SAF UTOKEN, for example NMSAFPX

Example: Authorization in a CA ACF2 System that Protects Operator Commands

$KEY(MVS) TYPE(OPR)
VARY.TCPIP.- UID(uid_string) SERVICE(UPDATE) ALLOW

Example: Authorization in a CA Top Secret System

TSS PER(XXXXXX) OPERCMD(MVS.VARY.) ACCESS(UPDATE)

Example: Authorization in a RACF System

PE MVS.VARY.TCPIP.* CLASS(OPERCMDS) ID(uuuuuuu) ACCESS(UPDATE)