Installing Your Product from Pax-Enhanced ESD › Apply Maintenance › Data Set Authorization › External Security Setup

External Security Setup

CA PanAPT issues external security calls almost about every function and action related to CA PanAPT functionality. CA PanAPT uses the CA Standard Security Facility (CAISSF), which is a standardized security interface to CA ACF2, CA Top Secret, and RACF. The CA PanAPT User Identification Facility (UIF) also interfaces with external security. All security rules are in DSN format so that the rules built by CA PanAPT are the same regardless of the security package you are running.

To use the external security interface

1. Define PANAPT as a resource class to your security system.
2. Use the high-level ownership for CA Top Secret or the key for CA ACF2 as follows:
   • PANAPTF for CA PanAPT functionality
   • PANAPTU for CA PanAPT/UIF functionality
3. If your security package requires access rules, then you must update your security system to allow access for the following security checks:
   • Require a CA PanAPT/UIF logon system ID to access CA PanAPT. The CAISSF rule is:

     PANAPTU.PANAPT
     

   • Authorize the system ID entered or that was selected from an MSL. The CAISSF rule is:

     PANAPTU.PANSYSID.system-id
     

   • Authorize CA-PanAPT/UIF usage to create or change logon system IDs. The CAISSF rule is:

     PANAPTU.PANUIF
     

   • Allow CA-PanAPT activities for authorized system ID. The CAISSF rule is:

     PANAPTF.system-id.xxxxxxxx.xxxxxxxx.xxxxxxx
     

See the CA ACF2 Example that allows access to all users and all activities.