Permit SAF Authority Using DEFSAF

External Security Considerations › Prepare to Use External Security › Permit SAF Authority Using DEFSAF

Permit SAF Authority Using DEFSAF

After you generate the SAF definitions and execute the commands, you can permit additional users to use the predefined SAF resource groups. You permit additional users in a generalized way through the PERMIT action of the DEFSAF utility.

Follow these steps:

Log in to TSO with the user ID that you can use to run the CA OPS/MVS utility program DEFSAF from data set opshlq.CCLXEXEC.
Execute DEFSAF from either the ISPF or TSO command line with ACT(PERMIT) to permit SAF authority.
- To execute DEFSAF with permit authority from an ISPF command line, enter the following commands:
```
ISPF EDIT on member DEFSAF in opshlq.CCLXEXEC
```
```
!OI OPSSOF ACT(PERMIT) SAFRO(SOFADMIN)
```
- To execute DEFSAF with permit authority from the TSO command line, enter the following command:
```
TSO OX 'opshlq.CCLXEXEC(DEFSAF)' OPSSOF ACT(PERMIT) SAFRW(SOFADMIN)
```
  Note: To use the permit action without using groups, add GROUPS(N) at the end of the command string.

You have permitted user SOFADMIN to have full access to all SOF commands.

More information:

Implementing External Security with CA Top Secret

Implementing External Security with CA ACF2

Implementing External Security with RACF

Resource Tables and Predefined Resources

Tell Technical Publications how we can improve this information