Implementing External Security with CA ACF2 › Add User Access to Product Resources

Add User Access to Product Resources

As the Administrator, you need two users added to your CA ACF2 external security package with the following access privileges:

• Provide user1 with READ access to address AOF (permitting safe verbs such as LIST).
• Provide user2 with UPDATE access to address AOF (permitting all verbs).

Use one of the following methods to implement the needed access permissions to address AOF.

• Run the supplied DEFSAF REXX utility either with or without GROUPS as follows:
  • Execute the supplied REXX program DEFSAF without GROUPS(N):

    TSO OX 'opshlq.CCLXEXEC(DEFSAF)’ OPSAOF ACT(PERMIT) SAFRO(user1)
    TSO OX 'opshlq.CCLXEXEC(DEFSAF)’ OPSAOF ACT(PERMIT) SAFRW(user2)
    

  • Execute DEFSAF with GROUPS(N) to permit the access without using groups:

    TSO OX 'opshlq.CCLXEXEC(DEFSAF)' OPSAOF ACT(PERMIT) SAFRO(user1) GROUPS(N)
    TSO OX 'opshlq.CCLXEXEC(DEFSAF)' OPSAOF ACT(PERMIT) SAFRW(user2) GROUPS(N)
    

  Note: Be sure that you ran DEFSAF earlier in batch mode (BATCH=Y) to create the basic CA ACF2 groups.

• Issue the following CA ACF2 commands from TSO or from JCL:

  TSO ACF
   SET XREF(ROL)
   CHANGE OPSAOFR INCLUDE(user1) ROLE ADD
   CHANGE OPSAOF INCLUDE(user2) ROLE ADD
   F ACF2,NEWXREF,TYPE(ROL)
  

  You can use masking to specify many users.

  Note: Be sure that you ran DEFSAF earlier in batch mode (BATCH=Y) to create the basic CA ACF2 groups.

• Issue the following CA ACF2 commands to add a rule line to permit user1 access to the resource OP$MVS.OPSAOF:

  TSO ACF
  SET RESOURCE(FAC)
  RECKEY OP$MVS ADD(OPSAOF.- USER(user1) ALLOW SERVICE(READ))
  RECKEY OP$MVS ADD(OPSAOF.- USER(user2) ALLOW SERVICE(READ,UPDATE))
  F ACF2,REBUILD(FAC)