The following sample file is available on the VMDIRECT 176 disk. It shows the CA Top Secret for z/VM commands needed to authorize access to CA VM:Director commands for different kinds of users. You should tailor the sample according to your installation’s requirements.
Note: For more information about these commands, see the CA Top Secret for z/VM documentation.
/* TSSVME sample file */
/* Use RESCODE in the range 01-3F to define an RIE resource. */
/* It is a general resource, rather than a prefixed resource. */
/* A default ACLST is implied with two levels - ALL and NONE. */
/* The default access level (DEFACT) value is ALL. */
"TSS ADDTO(RDT) RESCLASS(CAVMCMD) RESCODE(3F)" ,
"ATTR(MASK,DEFPROT)" ,
"MAXLEN(80)"
/* Define the cadirect. resource name */
"TSS ADDTO(CAIMAINT) CAVMCMD(CADIRECT.)"
/* Define the facility connection resource */
"TSS ADDTO(CAIMAINT) IBMFAC(ICHCONN)"
/* Allow VMDIRECT to issue RACROUTE requests */
/* Access(Read) allows REQUEST=AUTH */
/* Access(Update) allows REQUEST=VERIFY */
"TSS PERMIT(VMDIRECT) IBMFAC(ICHCONN) ACCESS(UPDATE)"
/* System Admin Authorizations */
"TSS PERMIT(MAINT) CAVMCMD(CADIRECT.)"
"TSS PERMIT(VMANAGER) CAVMCMD(CADIRECT.)"
/* Directory Manager Authorizations */
/* This set of authorizations is issued for each user who */
/* is a CA VM:Director Directory Manager. The sample shows a */
/* set of authorizations for VM user IDs: */
/* DIRMGR1 and DIRMGR2. */
/* Substitute the user IDs of your own Directory Manager */
/* users. */
/* Authorizations for DIRMGR1 who is a Directory Manager */
"TSS PERMIT(DIRMGR1) CAVMCMD(CADIRECT.ASSIGN.*.DIRMGR1)"
"TSS PERMIT(DIRMGR1) CAVMCMD(CADIRECT.CACHED)"
"TSS PERMIT(DIRMGR1) CAVMCMD(CADIRECT.CHANGE.*.DIRMGR1)"
"TSS PERMIT(DIRMGR1) CAVMCMD(CADIRECT.DELENTRY.*.DIRMGR1)"
"TSS PERMIT(DIRMGR1) CAVMCMD(CADIRECT.DISPLINK.*.DIRMGR1)"
"TSS PERMIT(DIRMGR1) CAVMCMD(CADIRECT.EXPIRE.*.DIRMGR1)"
"TSS PERMIT(DIRMGR1) CAVMCMD(CADIRECT.MANAGE.*.DIRMGR1)"
"TSS PERMIT(DIRMGR1) CAVMCMD(CADIRECT.MAINTMAN.*.DIRMGR1)"
"TSS PERMIT(DIRMGR1) CAVMCMD(CADIRECT.MDSKSCAN.*.DIRMGR1)"
"TSS PERMIT(DIRMGR1) CAVMCMD(CADIRECT.PASSWORD.*.DIRMGR1)"
"TSS PERMIT(DIRMGR1) CAVMCMD(CADIRECT.QUERY)"
"TSS PERMIT(DIRMGR1) CAVMCMD(CADIRECT.RESET.USERPASS.*.DIRMGR1)"
"TSS PERMIT(DIRMGR1) CAVMCMD(CADIRECT.RESET.VMXLINK.*.DIRMGR1)"
"TSS PERMIT(DIRMGR1) CAVMCMD(CADIRECT.TRANSFER.*.DIRMGR1)"
"TSS PERMIT(DIRMGR1) CAVMCMD(CADIRECT.USER.*.DIRMGR1)"
"TSS PERMIT(DIRMGR1) CAVMCMD(CADIRECT.ADDENTRY.SYSTEM.NEWUSER.*)"
"TSS PERMIT(DIRMGR1) CAVMCMD(CADIRECT.MANSEL01.SYSTEM.NEWUSER)"
"TSS PERMIT(DIRMGR1) CAVMCMD(CADIRECT.MULTIPLE.NEWUSER)"
"TSS PERMIT(DIRMGR1) CAVMCMD(CADIRECT.MANSEL02.*.DIRMGR1)"
"TSS PERMIT(DIRMGR1) CAVMCMD(CADIRECT.MANSEL03.*.DIRMGR1)"
"TSS PERMIT(DIRMGR1) CAVMCMD(CADIRECT.MANSEL04.*.DIRMGR1)"
"TSS PERMIT(DIRMGR1) CAVMCMD(CADIRECT.MANSEL05.*.DIRMGR1)"
"TSS PERMIT(DIRMGR1) CAVMCMD(CADIRECT.MANSEL06.*.DIRMGR1)"
"TSS PERMIT(DIRMGR1) CAVMCMD(CADIRECT.MANSEL07.*.DIRMGR1)"
"TSS PERMIT(DIRMGR1) CAVMCMD(CADIRECT.MANSEL08.*.DIRMGR1)"
"TSS PERMIT(DIRMGR1) CAVMCMD(CADIRECT.MANSEL09.*.DIRMGR1)"
"TSS PERMIT(DIRMGR1) CAVMCMD(CADIRECT.MANSEL10.*.DIRMGR1)"
"TSS PERMIT(DIRMGR1) CAVMCMD(CADIRECT.USESEL01.*.DIRMGR1)"
"TSS PERMIT(DIRMGR1) CAVMCMD(CADIRECT.USESEL02.*.DIRMGR1)"
"TSS PERMIT(DIRMGR1) CAVMCMD(CADIRECT.USESEL06.*.DIRMGR1)"
"TSS PERMIT(DIRMGR1) CAVMCMD(CADIRECT.USESEL07.*.DIRMGR1)"
"TSS PERMIT(DIRMGR1) CAVMCMD(CADIRECT.USESEL08.*.DIRMGR1)"
"TSS PERMIT(DIRMGR1) CAVMCMD(CADIRECT.USESEL10.*.DIRMGR1)"
"TSS PERMIT(DIRMGR1) CAVMCMD(CADIRECT.USESEL11.*.DIRMGR1)"
/* Authorizations for DIRMGR2 who is a Directory Manager */
"TSS PERMIT(DIRMGR2) CAVMCMD(CADIRECT.ASSIGN.*.DIRMGR2)"
"TSS PERMIT(DIRMGR1) CAVMCMD(CADIRECT.CACHED)"
"TSS PERMIT(DIRMGR2) CAVMCMD(CADIRECT.CHANGE.*.DIRMGR2)"
"TSS PERMIT(DIRMGR2) CAVMCMD(CADIRECT.DELENTRY.*.DIRMGR2)"
"TSS PERMIT(DIRMGR2) CAVMCMD(CADIRECT.DISPLINK.*.DIRMGR2)"
"TSS PERMIT(DIRMGR2) CAVMCMD(CADIRECT.EXPIRE.*.DIRMGR2)"
"TSS PERMIT(DIRMGR2) CAVMCMD(CADIRECT.MANAGE.*.DIRMGR2)"
"TSS PERMIT(DIRMGR2) CAVMCMD(CADIRECT.MAINTMAN.*.DIRMGR2)"
"TSS PERMIT(DIRMGR2) CAVMCMD(CADIRECT.MDSKSCAN.*.DIRMGR2)"
"TSS PERMIT(DIRMGR2) CAVMCMD(CADIRECT.PASSWORD.*.DIRMGR2)"
"TSS PERMIT(DIRMGR2) CAVMCMD(CADIRECT.QUERY)"
"TSS PERMIT(DIRMGR2) CAVMCMD(CADIRECT.RESET.USERPASS.*.DIRMGR2)"
"TSS PERMIT(DIRMGR2) CAVMCMD(CADIRECT.RESET.VMXLINK.*.DIRMGR2)"
"TSS PERMIT(DIRMGR2) CAVMCMD(CADIRECT.TRANSFER.*.DIRMGR2)"
"TSS PERMIT(DIRMGR2) CAVMCMD(CADIRECT.USER.*.DIRMGR2)"
"TSS PERMIT(DIRMGR2) CAVMCMD(CADIRECT.ADDENTRY.SYSTEM.NEWUSER.*)"
"TSS PERMIT(DIRMGR2) CAVMCMD(CADIRECT.MANSEL01.SYSTEM.NEWUSER)"
"TSS PERMIT(DIRMGR2) CAVMCMD(CADIRECT.MULTIPLE.NEWUSER)"
"TSS PERMIT(DIRMGR2) CAVMCMD(CADIRECT.MANSEL02.*.DIRMGR2)"
"TSS PERMIT(DIRMGR2) CAVMCMD(CADIRECT.MANSEL03.*.DIRMGR2)"
"TSS PERMIT(DIRMGR2) CAVMCMD(CADIRECT.MANSEL04.*.DIRMGR2)"
"TSS PERMIT(DIRMGR2) CAVMCMD(CADIRECT.MANSEL05.*.DIRMGR2)"
"TSS PERMIT(DIRMGR2) CAVMCMD(CADIRECT.MANSEL06.*.DIRMGR2)"
"TSS PERMIT(DIRMGR2) CAVMCMD(CADIRECT.MANSEL07.*.DIRMGR2)"
"TSS PERMIT(DIRMGR2) CAVMCMD(CADIRECT.MANSEL08.*.DIRMGR2)"
"TSS PERMIT(DIRMGR2) CAVMCMD(CADIRECT.MANSEL09.*.DIRMGR2)"
"TSS PERMIT(DIRMGR2) CAVMCMD(CADIRECT.MANSEL10.*.DIRMGR2)"
"TSS PERMIT(DIRMGR2) CAVMCMD(CADIRECT.USESEL01.*.DIRMGR2)"
"TSS PERMIT(DIRMGR2) CAVMCMD(CADIRECT.USESEL02.*.DIRMGR2)"
"TSS PERMIT(DIRMGR2) CAVMCMD(CADIRECT.USESEL06.*.DIRMGR2)"
"TSS PERMIT(DIRMGR2) CAVMCMD(CADIRECT.USESEL07.*.DIRMGR2)"
"TSS PERMIT(DIRMGR2) CAVMCMD(CADIRECT.USESEL08.*.DIRMGR2)"
"TSS PERMIT(DIRMGR2) CAVMCMD(CADIRECT.USESEL10.*.DIRMGR2)"
"TSS PERMIT(DIRMGR2) CAVMCMD(CADIRECT.USESEL11.*.DIRMGR2)"
/* General User Authorizations */
"TSS PERMIT(ALL) CAVMCMD(CADIRECT.MAINT.LINK)"
"TSS PERMIT(ALL) CAVMCMD(CADIRECT.MAINT.MDPW)"
"TSS PERMIT(ALL) CAVMCMD(CADIRECT.MAINT.MGRID)"
"TSS PERMIT(ALL) CAVMCMD(CADIRECT.MAINT.PASSWORD)"
"TSS PERMIT(ALL) CAVMCMD(CADIRECT.MAINT.REVIEW)"
"TSS PERMIT(ALL) CAVMCMD(CADIRECT.MAINT.RLINK)"
"TSS PERMIT(ALL) CAVMCMD(CADIRECT.MAINT.STORAGE)"
"TSS PERMIT(ALL) CAVMCMD(CADIRECT.MAINT.TRANSFER)"
"TSS PERMIT(ALL) CAVMCMD(CADIRECT.QUERY.ACCOUNT.SYSTEM.SELF)"
"TSS PERMIT(ALL) CAVMCMD(CADIRECT.QUERY.LOGMSG.SYSTEM)"
"TSS PERMIT(ALL) CAVMCMD(CADIRECT.USESEL01.SYSTEM.SELF)"
"TSS PERMIT(ALL) CAVMCMD(CADIRECT.USESEL02.SYSTEM.SELF)"
"TSS PERMIT(ALL) CAVMCMD(CADIRECT.USESEL06.SYSTEM.SELF)"
"TSS PERMIT(ALL) CAVMCMD(CADIRECT.USESEL07.SYSTEM.SELF)"
"TSS PERMIT(ALL) CAVMCMD(CADIRECT.USESEL08.SYSTEM.SELF)"
"TSS PERMIT(ALL) CAVMCMD(CADIRECT.USESEL10.SYSTEM.SELF)"
"TSS PERMIT(ALL) CAVMCMD(CADIRECT.USESEL11.SYSTEM.SELF)"
|
Copyright © 2014 CA.
All rights reserved.
|
|