Generate the SAF Resources with CA ACF2

You generate SAF resources to protect CA OPS/MVS commands and features. The automation expert generates the SAF resources.

Follow these steps:

  1. Temporarily set your external security to off by issuing the following command:
    EXTSECURITY=OFF
    
  2. Log in to a user ID that you can use to run the CA OPS/MVS utility program DEFSAF from data set opshlq.CCLXEXEC.

    Note: We recommend executing DEFSAF while your CA OPS/MVS subsystem is active. You can then retrieve the default values for EXTSECCLASS and EXTSECPREFIX from the running subsystem.

  3. Run the DEFSAF REXX utility distributed in the opshlq.CCLXEXEC data set.

    This utility defines all the resources and groups for using external security.

    1. Log in to TSO with the user ID from Step 2.
    2. Execute DEFSAF from either the ISPF or TSO command line.
      • Execute DEFSAF from an ISPF command line by entering the commands:
             ISPF EDIT on member DEFSAF in opshlq.CCLXEXEC
             !OI ALL ACT(DEFINE) BATCH(Y)
        
      • Execute DEFSAF from the TSO command line by entering the command:
             TSO OX 'opshlq.CCLXEXEC(DEFSAF)' ALL ACT(DEFINE) BATCH(Y)
        

        Executing the command string creates a dynamically allocated data set named tsoid.OPSx.DEFSAF, where x is the subsystem ID. The default value for x is S.

      The created member DEFACF2 contains the CA ACF2 commands to define the resources and groups for CA OPS/MVS. Pass this member to a security administrator on the target host who has the CA ACF2 authority to execute the external security manager commands in the member.

The SAF resources are generated.