If you want to ensure the highest level of security, define the SERVAUTH profile name EZB.NETMGMT.sysname.tcpname.SYSTCPSM and grant the NMFTP Monitor user ID READ access to this profile name.
Important! After the SERVAUTH facility has been defined to your security system, TCP/IP resource protection will be enabled. This affects the ability of users to access TCP/IP resources other than just SYSTCPSM. For example, it may restrict the ability to open sockets, bind to non-ephemeral ports, use Netstat, and use certain network resources. Before using this method, see IBM’s Communications Server IP Configuration Guide for more information about TCP/IP resource protection.
Important! If your security setup does not distinguish between a resource profile not defined and a user not permitted to that resource, you may need to define profiles for resources other than just SYSTCPSM whenever the SERVAUTH class is active. See IBM’s Communications Server IP Configuration Guide for more information.
Note: We recommend that you use this method.
SET RESOURCE(SERVAUTH)
COMPILE *
$KEY(EZB) TYPE(SERVAUTH)
NETMGMT.SYSA.TCPIPA.SYSTCPSM UID(USER1) SERVICE(READ) ALLOW
STORE
Note: Instead of using TSO, you can use the ACFBATCH utility in JCL. If you do this, omit the [ACF] and [END] lines.
TSS ADD SERVAUTH(EZB.NETMGMT.SYSA.TCPIPA.SYSTCPSM)
TSS PER(nmuser) SERVAUTH(EZB.NETMGMT.SYSA.TCPIPA.SYSTCPSM) ACCESS(READ)
RDEFINE SERVAUTH EZB.NETMGMT.SYSA.TCPIPA.SYSTCPSM UACC(NONE)
PE EZB.NETMGMT.SYSA.TCPIPA.SYSTCPSM CLASS(SERVAUTH) ID(nmuser) ACCESS(READ)
SETR RACLIST(SERVAUTH) REFRESH
Copyright © 2012 CA. All rights reserved.