Defining Security Protection Profiles in CA ACF2Encryption Key Protection Profiles for CA ACF2 › Define CA ACF2 Pseudo-Global Encryption Key Definitions

Previous Topic: Encryption Key Protection Profiles for CA ACF2

Next Topic: Defining System Specific Encryption Key Protection Profiles for CA ACF2

Define CA ACF2 Pseudo-Global Encryption Key Definitions

This command has the following format:

$KEY(BESn.KEY********************************) TYPE(BES)
$OWNER(ownerid)
  UID(*) ALLOW
$KEY(

Specifies the definition of a CA ACF2 key set.

BES

Specifies this is a CA Tape Encryption resource. This is always BES.

n

Indicates the local BES subsystem number (1-8). You should create this rule set for each BES subsystem as necessary.

KEY********************************)

Generic encryption key name. The trailing asterisks should be used to ensure correct pattern matching.

TYPE(BES)

Specifies that this statement is a CA Tape Encryption resource. This should always be BES.

OWNER(ownerid)

Specifies the owner of the rule. You can specify up to 24 characters in the $OWNER control statement. CA ACF2 provides the $OWNER statement in case you want to track ownership of a rule.

UID(*) ALLOW

Allows all users access to the generic encryption key profile.