Preparing for Installation › Security Requirements › External Security Setup

External Security Setup

CA PanAPT issues external security calls for just about every function and action related to CA PanAPT functionality. CA PanAPT uses the CA Standard Security Facility (CAISSF), which is a standardized security interface to CA ACF2, CA Top Secret for z/OS, and RACF. The CA PanAPT User Identification Facility (UIF) also interfaces with external security.

All security rules are in DSN format so that the rules built by CA PanAPT are the same regardless of the security package you are running.

To use the external security interface

1. Define PANAPT as a resource class to your security system.
2. Use the high‑level ownership for CA Top Secret or the key for CA ACF2 as follows:
   • PANAPTF for CA PanAPT functionality
   • PANAPTU for CA PanAPT/UIF functionality

   If your security package requires access rules, you must update your security system to allow access for the following security checks:

   • Require a CA PanAPT/UIF logon system ID to access CA PanAPT. The CAISSF rule is:

     PANAPTU.PANAPT
     

   • Authorize the system ID entered or that was selected from an MSL. The CAISSF rule is:

     PANAPTU.PANSYSID.system-id
     

   • Authorize CA PanAPT/UIF usage to create or change logon system IDs. The CAISSF rule is:

     PANAPTU.PANUIF
     

   • Allow CA PanAPT activities for authorized system ID. The CAISSF rule is:

     PANAPTF.system-id.xxxxxxxx.xxxxxxxx.xxxxxxx
     

See CA ACF2 Example, which allows access to all users and all activities.