|
|
|
You must define the CA@BES general resource class to your security system before you can perform any tape encryption processing. The CA@BES resource class must be defined using the parameters specified in this section.
We recommend that you create the CA@BES resource class from the dynamic class definition statement, RDEFINE rather than adding the entry to the static resource definition table, ICHRRC01, and the SAF router table ICHRFRTB. This lets you modify the CA@BES class description without having to IPL z/OS.
Example: Define the CA@BES Resource Class for RACF
This example shows the use of the RDEFINE command to define the CA@BES class in IBM Security Server RACF.
RDEFINE CDT CA@BES
UACC(NONE)
CDTINFO(DEFAULTUACC(NONE)
FIRST(ALPHA)
MAXLENGTH(150)
OTHER(ALPHA,NUMERIC,SPECIAL)
POSIT(050)
RACLIST(ALLOWED))
DATA('CA Tape Encryption SECURITY RESOURCE PROFILES')
Note: All of the parameters on the RDEFINE statement must be coded as shown with the exception of the POSIT parameter. If you have an existing POSIT value that matches the values assigned to the CA@BES resource class (CLASSACT, GENERIC, GENCMD, RACLIST(ALLOWED)) you can use that value.
| Copyright © 2011 CA. All rights reserved. | Tell Technical Publications how we can improve this information |