

Sample: Use RACF to Configure CA SYSVIEW for CA Insight DPM for DB2 Component PassTickets

You can use IBM RACF to configure specific CA SYSVIEW for CA Insight DPM for DB2 PassTickets for validating access.

Note: These examples are provided as a guideline. Only a security administrator familiar with PassTicket configuration should execute this process. For detailed information about using these commands, see the IBM RACF product documentation.

Note: Before you begin PassTicket configuration, verify that the PTKTDATA class and ownership for the PassTicket resource IRRPTAUTH have not been defined. If they have been defined, skip Step 1 and Step 2 in the following procedure.

Example: Use IBM RACF to Configure PassTickets for CA SYSVIEW for CA Insight DPM for DB2 Systems.

Follow these steps:

  1. Define the xnet_applid application by entering the following commands:
    RDEFINE APPL xnet_applid UACC(NONE)
    SETROPTS CLASSACT(APPL)
    

    Note: If you want to implement a generic user ID, specify the following additional command:

    SETROPTS GENERIC(PTKTDATA)
    
    xnet_applid

    Defines the application ID used for the PassTicket validation. This value is specified in the CA DB2 Tools Xnet INITPARM data set parameter PASSNAME and subsequently in the CA SYSVIEW DB2 PARMLIB XNET-PassTicketApplId parameter.

  2. Activate the PassTicket class if it is not currently active:
    SETROPTS CLASSACT(PTKTDATA) RACLIST(PTKTDATA)
    
  3. Define profiles for the applications and specify the session keys:
    RDEFINE PTKTDATA xnet_applid SSIGNON(KEYMASKED(FEDCBA9876543210))
    
    xnet_applid

    Defines the application ID used for the PassTicket validation. This value is specified in the CA DB2 Tools Xnet INITPARM data set parameter PASSNAME and subsequently in the CA SYSVIEW DB2 PARMLIB XNET-PassTicketApplId parameter.

    KEYMASKED

    Defines the encryption key for the application. Use a value that is different from the value in the sample syntax.

    Note: The sample syntax demonstrates a complete key value of 16 hexadecimal digits (creating an 8-byte or 64-bit key). Each application key must be the same on all systems in the configuration, and the value must be kept secret.

    The profiles and session keys are defined.

  4. Permit access to the xnet_applid application for each CA SYSVIEW for CA Insight DPM for DB2 component user who is permitted to access the component data from CA Insight DPM for DB2 using CA DB2 Tools Xnet:
    PERMIT xnet_applid CLASS(APPL) ID(useridn)
    
    useridn

    Specifies the user ID of each user requesting access.

  5. Refresh the APPL and PTKTDATA classes with the following commands if they are RACLISTed:
    SETROPTS RACLIST(APPL) REFRESH
    SETROPTS RACLIST(PTKTDATA) REFRESH
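
The following added example (not part of the original CA documentation) generates a random 16-hex-digit session key, rejects the key printed in the sample syntax, and emits the commands from Steps 1 through 5 in order for review before they are entered. The function names, the `skip_steps_1_2` flag, the 1-8 character ID check, and the values `XNETAPPL`, `USER01`, and `USER02` are assumptions made for illustration.

```python
import re
import secrets

SAMPLE_KEY = "FEDCBA9876543210"              # key printed in the sample syntax; never reuse it
NAME_RE = re.compile(r"^[A-Z0-9#@$]{1,8}$")  # assumption: 1-8 character application/user IDs
KEY_RE = re.compile(r"^[0-9A-F]{16}$")       # 16 hex digits = 8-byte (64-bit) key


def new_session_key() -> str:
    """Return a random 16-hex-digit key from the OS CSPRNG, never the sample value."""
    while True:
        key = secrets.token_hex(8).upper()
        if key != SAMPLE_KEY:
            return key


def build_commands(applid, user_ids, key, skip_steps_1_2=False):
    """Return the procedure's RACF commands, in order, for one application ID."""
    applid = applid.upper()
    users = [u.upper() for u in user_ids]
    key = key.upper()
    for name in [applid, *users]:
        if not NAME_RE.match(name):
            raise ValueError(f"invalid ID: {name!r}")
    if not KEY_RE.match(key):
        raise ValueError("key must be exactly 16 hexadecimal digits")
    if key == SAMPLE_KEY:
        raise ValueError("key is the documented sample value; generate a new one")
    cmds = []
    if not skip_steps_1_2:  # skipped when the prerequisite note above the procedure applies
        cmds += [f"RDEFINE APPL {applid} UACC(NONE)",              # Step 1
                 "SETROPTS CLASSACT(APPL)",
                 "SETROPTS CLASSACT(PTKTDATA) RACLIST(PTKTDATA)"]  # Step 2
    cmds.append(f"RDEFINE PTKTDATA {applid} SSIGNON(KEYMASKED({key}))")  # Step 3
    cmds += [f"PERMIT {applid} CLASS(APPL) ID({u})" for u in users]      # Step 4
    cmds += ["SETROPTS RACLIST(APPL) REFRESH",                           # Step 5
             "SETROPTS RACLIST(PTKTDATA) REFRESH"]
    return cmds


if __name__ == "__main__":
    # Constructed sample values: XNETAPPL, USER01 and USER02 are placeholders.
    # The output contains the session key, so handle it as secret material.
    for line in build_commands("XNETAPPL", ["USER01", "USER02"], new_session_key()):
        print(line)
```

Because the same key must be defined on every system in the configuration, generate it once and distribute it through a protected channel rather than running the generator on each system.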