Previous Topic: Customize CA Top SecretNext Topic: Customize RACF

Interfacing with External SecurityPurpose of External SecurityCustomize CA ACF2

Customize CA ACF2

CA ACF2 must be customized to activate the CA SYSVIEW interface.

Follow these steps:

  1. Define security requirements for the CA SYSVIEW address space by using the following CA ACF2 commands to create an STC logon ID: 
    READY
ACF
INSERT SYSVIEW NAME(SYSVIEW) STC
  2. Be sure that the SYSVIEW address space has access to needed resources by granting access to the NON-CNCL logon ID permission.

    Use the following commands:

    ACF
CHANGE SYSVIEW NON-CNCL
CHANGE SYSVUSER NON-CNCL
  3. Add OMVS segment to the SYSVIEW and SYSVUSER logon ID. 
    ACF
CHANGE SYSVIEW GROUP(OMVSGRP) UID(0) HOME(/) OMVSPGM(/bin/sh)
CHANGE SYSVUSER GROUP(OMVSGRP) UID(0) HOME(/) OMVSPGM(/bin/sh)
  4. (Optional) Define the optional system access requirements through the MUSID option of the SYSVIEW logon ID record. When specified in the SYSVIEW logon ID, users are required to have a special permission bit in their logon ID record before accessing CA SYSVIEW. The name of the field is arbitrary. Be sure that the name conforms to site definitions for naming logon ID fields.
    1. ADD the MUSID permission to the SYSVIEW logon ID as follows: 
      ACF
SET LID
CHANGE SYSVIEW MUSID(SYSVIEW)
    2. Create a bit field in the logon ID record named SYSVIEW using the following CA ACF2 macro named CFDE: 
      @CFDE   SYSVIEW,LIDI1FLG,BIT.ALTER=SECURITY+ACCOUNT,
LIST=ALL,FLAGS=NULL,GROUP=2,BITMAP=LIDI1F1

    The user access requirements are defined, which completes your CA ACF2 security system customization.

Note: For more information about how to write data set and resource rules and information related to the CFDE macro, see the CA ACF2 documentation.