SAF Interface Activation (BES.SECURITY)

Defining Security Protection Profiles in IBM Security Server RACF › SAF Interface Activation (BES.SECURITY)

SAF Interface Activation (BES.SECURITY)

During CA Tape Encryption initialization or SECURITY reload processing the BES SAF Interface performs the following steps to determine whether the SAF Interface is activated or should be activated:

Issue a RACF status call to determine whether CA@BES has been defined and activated.
Attempt to extract the SAF Interface BES.SECURITY control entity. BES.SECURITY can only be defined at the GLOBAL level.
Extract, parse, and validate the SAF Interface control parameter. The SAF Interface control parameter is defined on the BES.SECURITY APPLDATA field on the RDEFINE command. Valid SAF Interface control parameters are ACTIVE or INACTIVE. ACTIVE will activate the CA Tape Encryption SAF Interface. INACTIVE will deactivate the SAF Interface if currently active or will prevent the SAF Interface from being initialized.

If any of these steps fail, the SAF Interface will not be activated and each BESn subsystem will default to a resource protection level of PERMIT (no protected resources) and will disable security data set selection.

Note: The SAF Interface can only be controlled at the global level.

Tell Technical Publications how we can improve this information