Use the PERMIT command to define permissions for a specific key and one or more specific users on a specified subsystem for IBM Security Server RACF. Use this command with an associated RDEFINE command for the key.
This command has the following format:
PE BESn.key_type.key_name
ACCESS(READ)
GENERIC
CLASS(CA@BES)
ID(username[,username,…])
PE: Indicates the PERMIT command.
BESn: Indicates the local BES subsystem number (1-8). If you specify BES without a subsystem identifier, the profile becomes a global profile and is applied to all BES subsystems.
key_type: Indicates the type of key to define. Options for this parameter are as follows:
Specifies a code book.
Specifies a digital certificate key pair.
Specifies a symmetric key.
key_name: Specifies the name of the key.
ACCESS(READ): Specifies the access permission granted. This value is always READ. It allows the specified user to use the key.
GENERIC: Specifies that the key name is treated like a generic name, even if no generic characters are specified.
CLASS(CA@BES): Specifies the general resource class for CA Tape Encryption. For keys, this is always CA@BES.
ID(username[,username,…]): Specifies one or more user names that have permission to use the key.
Example: Permit a user to access a key on a specific subsystem
This example defines permission for user SECADMIN to use a symmetric key named AES256_KEY on BES4.
PE BES4.KEYSYMM.AES256_KEY
ACCESS(READ)
GENERIC
CLASS(CA@BES)
ID(SECADMIN)
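A pre-issue check for commands in the format above, as an added Python example that is not part of the CA documentation: it parses a PERMIT command, reports whether the profile is scoped to one subsystem or is global (BES with no number), and flags operands that differ from the fixed values listed on this page. The function names and the second sample command (users OPER1 and OPER2) are constructed for illustration.

```python
import re

# Profile layout from the page: BES[n].key_type.key_name, with n in 1-8.
PROFILE_RE = re.compile(r"^BES(\d*)\.([^.\s]+)\.(\S+)$")
ID_RE = re.compile(r"\bID\(([^)]*)\)")

def parse_permit(text):
    """Parse one PERMIT command; raise ValueError if it does not fit the format."""
    tokens = text.upper().split()
    if len(tokens) < 2 or tokens[0] not in ("PE", "PERMIT"):
        raise ValueError("not a PERMIT command")
    m = PROFILE_RE.match(tokens[1])
    if not m:
        raise ValueError("profile is not BES[n].key_type.key_name")
    subsystem, key_type, key_name = m.groups()
    if subsystem and not 1 <= int(subsystem) <= 8:
        raise ValueError("subsystem number must be 1-8")
    ids = ID_RE.search(text.upper())
    users = [u.strip() for u in ids.group(1).split(",") if u.strip()] if ids else []
    return {"scope": "BES" + subsystem if subsystem else "GLOBAL",
            "key_type": key_type, "key_name": key_name, "users": users}

def review(text):
    """Return the findings to resolve before the command is issued."""
    parsed = parse_permit(text)
    operands = text.upper().split()[2:]
    findings = []
    if parsed["scope"] == "GLOBAL":
        findings.append("global profile: grants use of the key on all BES subsystems")
    if "ACCESS(READ)" not in operands:
        findings.append("ACCESS must be READ")
    if "CLASS(CA@BES)" not in operands:
        findings.append("CLASS must be CA@BES")
    if not parsed["users"]:
        findings.append("no user named in ID(...)")
    return findings

# The page's example, then a constructed command that omits the subsystem number.
PAGE_EXAMPLE = """PE BES4.KEYSYMM.AES256_KEY
ACCESS(READ)
GENERIC
CLASS(CA@BES)
ID(SECADMIN)"""
GLOBAL_SAMPLE = "PE BES.KEYSYMM.AES256_KEY ACCESS(READ) GENERIC CLASS(CA@BES) ID(OPER1,OPER2)"

if __name__ == "__main__":
    for cmd in (PAGE_EXAMPLE, GLOBAL_SAMPLE):
        print(parse_permit(cmd)["scope"], review(cmd))
```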
Copyright © 2011 CA. All rights reserved.