Using the TBESAF99 Utility to Generate Security Profiles › TBESAF99 Utility › How TBESAF99 Generates Security Profiles

How TBESAF99 Generates Security Profiles

The TBESAF99 utility program uses a general definition language that generates security system-specific control statements. Use the TBESAF99 utility to generate security profiles, as the following points outline:

1. Create generic security control statements for your environment as input to TBESAF99.
2. The utility parses and verifies the control statements to ensure that they conform to the command structures required by your security system database.
3. The utility generates either a partitioned data set or a sequential data set containing these security profile control statements.
4. The batch interface utility of your security system, for example ACFBCOMP, TSOBATCH or TSSBATCH can be used to import the generated control statements to your security system.
5. After generating the security-system specific control statements you should edit them to customize to your environment standards and to provide appropriate permission statements.

After the control statements have been processed by your security system, they will be available to the BES subsystem when it is next started as long as the security manager's resource profiles are refreshed or rebuilt.

To refresh or rebuild security manager resource profiles use the following appropriate refresh or rebuild command:

• IBM RACF RACLIST refresh command:

  SETR RACL (CA@BES) REF
  

  Optionally, if your OPERCMDS resource class is RACLISTED issue the following command:

• SETR RACL (OPERCMDS) REF
• CA ACF2 rebuild commands:

  F ACF2,REBUILD(BES)
  F ACF2,REBUILD(OPR)
  

• CA Top Secret refresh command:

  TSS REFRESH(tssstcacid) JOB(BESn)
  

After issuing the appropriate security system refresh or rebuild command each BESn subsystem will need to rebuild its security environment. Issue the following console command on each BES subsystem:

BESn RELOAD=SECURITY