|
|
|
The following sample shows a global control statement in TBESAF99 format. In this example, the key is named default_encryption_key.
BES TYPE=GLOBAL,
SECURITY=RACF, ENABLED=YES, UTILITIES=PERMIT, CAEKMAPI=PERMIT, COMMANDS=PERMIT, KEYS=PROTECT, OWNER=RACFOWNR, DEFAULT=(BES1=(default_encryption_key))
The following sample shows the resulting control statements generated by TBESAF99 for importing into IBM Security Server RACF. It defines the RACF class descriptor table entries that warehouse the CA@BES resource class entries. It also defines a global command protection profile (for example, command, key, and utility), enables the security profile, and defines the default encryption key to use.
Note: The CA@BES resource class should be RACLISTed to allow for optimum performance.
RDEF CDT CA@BES
UACC(NONE)
CDTINFO(DEFAULTUACC(NONE)
FIRST(ALPHA)
MAXLENGTH(150)
OTHER(ALPHA,NUMERIC,SPECIAL)
POSIT(050)
RACLIST(ALLOWED))
SETROPTS RACLIST(CDT) REFRESH SETROPTS GENERIC(CA@BES) SETROPTS GENCMD(CA@BES) SETROPTS CLASSACT(CA@BES) SETROPTS RACLIST(CA@BES) REFRESH
AU RACFOWNR
NAME('CA Tape Encryption')
DATA('CA Tape Encryption SECURITY ENCRYPTION OWNER')
RDEF CA@BES BES.COMMANDS.PERMIT
OWNER(RACFOWNR)
RDEF CA@BES BES.UTILITY.PERMIT
OWNER(RACFOWNR)
RDEF CA@BES BES.CAEKMAPI.PERMIT
OWNER(RACFOWNR)
RDEF CA@BES BES.KEYS.PROTECT
OWNER(RACFOWNR)
RDEF CA@BES BES.DEFAULT
OWNER(RACFOWNR)
DATA('BES=(RACFDEFAULT)')
RDEF CA@BES BES.SECURITY
OWNER(RACFOWNR)
DATA('ACTIVE' )
Note: RDEFINE and RDEF are synonyms. IBM Security Server RACF accepts RDEF as the minimum control word.
| Copyright © 2011 CA. All rights reserved. | Tell Technical Publications how we can improve this information |