Implement External Security for CA ACF2

To implement external security for CA ACF2, do the following:

Note: For more information about the commands listed here, see the CA ACF2 Administration Guide. The sample jobs can be found in CVDEJCL member RMOACF2.

  1. Map the CA Deliver resource types to CA ACF2 resource types, for example:
    //EXAMPLE   JOB ACCOUNT,PROGRAMMER
    //CLAS EXEC PGM=IKJEFT01
    //SYSPRINT DD SYSOUT=*
    //SYSTSPRT DD SYSOUT=*
    //SYSTSIN DD *
    
    ACF
    SET CONTROL(GSO)
    INS CLASMAP.DLV@ACT  RESOURCE(DLV@ACT)  RSRCTYPE(DAC) ENTITYLN(37)
    INS CLASMAP.DLV@BACT RESOURCE(DLV@BACT) RSRCTYPE(DBA) ENTITYLN(37)
    INS CLASMAP.DLV@BANR RESOURCE(DLV@BANR) RSRCTYPE(DBR) ENTITYLN(13)
    INS CLASMAP.DLV@BNDL RESOURCE(DLV@BNDL) RSRCTYPE(DBN) ENTITYLN(37)
    INS CLASMAP.DLV@DBAS RESOURCE(DLV@DBAS) RSRCTYPE(DBS) ENTITYLN(22)
    INS CLASMAP.DLV@DIST RESOURCE(DLV@DIST) RSRCTYPE(DDI) ENTITYLN(37)
    INS CLASMAP.DLV@JOB  RESOURCE(DLV@JOB)  RSRCTYPE(DJB) ENTITYLN(13)
    INS CLASMAP.DLV@PANL RESOURCE(DLV@PANL) RSRCTYPE(DPN) ENTITYLN(13)
    INS CLASMAP.DLV@REPT RESOURCE(DLV@REPT) RSRCTYPE(DRP) ENTITYLN(37)
    /*
    
  2. Tell CA ACF2 about the SAF calls that CA Deliver is making, for example:
    //EXAMPLE   JOB ACCOUNT,PROGRAMMER
    //SAFD EXEC PGM=IKJEFT01
    //SYSPRINT DD SYSOUT=*
    //SYSTSPRT DD SYSOUT=*
    //SYSTSIN DD *
    
    ACF
    SET CONTROL(GSO)
    INS SAFDEF.DLV@ACT  ID(DLV@ACT)  PROGRAM(RMO-) RB(RMO-) -
        NOAPFCHK RACROUTE(REQUEST=AUTH,CLASS=DLV@ACT,STATUS=ACCESS)
    INS SAFDEF.DLV@BACT ID(DLV@BACT) PROGRAM(RMO-) RB(RMO-) -
        NOAPFCHK RACROUTE(REQUEST=AUTH,CLASS=DLV@BACT,STATUS=ACCESS)
    INS SAFDEF.DLV@BANR ID(DLV@BANR) PROGRAM(RMO-) RB(RMO-) -
        NOAPFCHK RACROUTE(REQUEST=AUTH,CLASS=DLV@BANR,STATUS=ACCESS)
    INS SAFDEF.DLV@BNDL ID(DLV@BNDL) PROGRAM(RMO-) RB(RMO-) -
        NOAPFCHK RACROUTE(REQUEST=AUTH,CLASS=DLV@BNDL,STATUS=ACCESS)
    INS SAFDEF.DLV@DBAS ID(DLV@DBAS) PROGRAM(RMO-) RB(RMO-) -
        NOAPFCHK RACROUTE(REQUEST=AUTH,CLASS=DLV@DBAS,STATUS=ACCESS)
    INS SAFDEF.DLV@DIST ID(DLV@DIST) PROGRAM(RMO-) RB(RMO-) -
        NOAPFCHK RACROUTE(REQUEST=AUTH,CLASS=DLV@DIST,STATUS=ACCESS)
    INS SAFDEF.DLV@JOB  ID(DLV@JOB)  PROGRAM(RMO-) RB(RMO-) -
        NOAPFCHK RACROUTE(REQUEST=AUTH,CLASS=DLV@JOB,STATUS=ACCESS)
    INS SAFDEF.DLV@PANL ID(DLV@PANL) PROGRAM(RMO-) RB(RMO-) -
        NOAPFCHK RACROUTE(REQUEST=AUTH,CLASS=DLV@PANL,STATUS=ACCESS)
    INS SAFDEF.DLV@REPT ID(DLV@REPT) PROGRAM(RMO-) RB(RMO-) -
        NOAPFCHK RACROUTE(REQUEST=AUTH,CLASS=DLV@REPT,STATUS=ACCESS)
    /*
    
  3. Make the resource types resident, for example:
    //EXAMPLE   JOB ACCOUNT,PROGRAMMER
    //ACF2 EXEC PGM=IKJEFT01
    //SYSPRINT DD SYSOUT=*
    //SYSTSPRT DD SYSOUT=*
    //SYSTSIN DD *
    
    ACF
    SET CONTROL(GSO)
    CHANGE INFODIR TYPES(R-RDAC,R-RDBA,R-RDBR,R-RDBN,R-RDBS)
    CHANGE INFODIR TYPES(R-RDDI,R-RDJB,R-RDPN,R-RDRP)
    /*
    
  4. Enter the MODIFY console commands to refresh the CLASMAP, SAFDEF, and INFODIR records, for example:
    F ACF2,REFRESH(CLASMAP)
    F ACF2,REFRESH(SAFDEF)
    F ACF2,REFRESH(INFODIR)
    
  5. Define CA ACF2 rules, for example:

    Note: The rule definitions used in the following example are contained in nine separate members of a PDS, called RULES.PDS. For more information about PDS, see PDS Members.

    //EXAMPLE   JOB ACCOUNT,PROGRAMMER
    //RULE EXEC PGM=IKJEFT01
    //SYSPRINT DD SYSOUT=*
    //SYSTSPRT DD SYSOUT=*
    //SYSTSIN DD *
    
    ACF
    SET RESOURCE(DAC)
    COMPILE 'RULES.PDS(DAC)'
    STORE
    SET RESOURCE(DBA)
    COMPILE 'RULES.PDS(DBA)'
    STORE
    SET RESOURCE(DBN)
    COMPILE 'RULES.PDS(DBN)'
    STORE
    SET RESOURCE(DBR)
    COMPILE 'RULES.PDS(DBR)'
    STORE
    SET RESOURCE(DBS)
    COMPILE 'RULES.PDS(DBS)'
    STORE
    SET RESOURCE(DDI)
    COMPILE 'RULES.PDS(DDI)'
    STORE
    SET RESOURCE(DJB)
    COMPILE 'RULES.PDS(DJB)'
    STORE
    SET RESOURCE(DPN)
    COMPILE 'RULES.PDS(DPN)'
    STORE
    SET RESOURCE(DRP)
    COMPILE 'RULES.PDS(DRP)'
    STORE
    /*
    
  6. Tell CA ACF2 to rebuild the resident rules, for example:
    F ACF2,REBUILD(DAC)
    F ACF2,REBUILD(DBA)
    F ACF2,REBUILD(DBR)
    F ACF2,REBUILD(DBN)
    F ACF2,REBUILD(DBS)
    F ACF2,REBUILD(DDI)
    F ACF2,REBUILD(DJB)
    F ACF2,REBUILD(DPN)
    F ACF2,REBUILD(DRP)
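
The sample jobs above carry each of the nine classes through every step: a CLASMAP record, a SAFDEF record, an INFODIR entry of the form R-R plus the type code, a compiled and stored rule set, and a REBUILD. The following Python check is an added example, not part of the CA documentation; it scans a command deck for classes that are missing one of those steps. The function names and the abbreviated sample deck are constructed for illustration.

```python
import re

# Constructed sample deck in the page's syntax, cut down to two classes.
# DLV@JOB is deliberately left without SAFDEF, INFODIR and REBUILD entries.
SAMPLE = """\
INS CLASMAP.DLV@ACT  RESOURCE(DLV@ACT)  RSRCTYPE(DAC) ENTITYLN(37)
INS CLASMAP.DLV@JOB  RESOURCE(DLV@JOB)  RSRCTYPE(DJB) ENTITYLN(13)
INS SAFDEF.DLV@ACT  ID(DLV@ACT)  PROGRAM(RMO-) RB(RMO-) -
    NOAPFCHK RACROUTE(REQUEST=AUTH,CLASS=DLV@ACT,STATUS=ACCESS)
CHANGE INFODIR TYPES(R-RDAC)
SET RESOURCE(DAC)
COMPILE 'RULES.PDS(DAC)'
STORE
SET RESOURCE(DJB)
COMPILE 'RULES.PDS(DJB)'
STORE
F ACF2,REBUILD(DAC)
"""

def join_continuations(text):
    """Fold lines ending in the TSO continuation '-' into one logical line."""
    return re.sub(r"\s-\s*\n\s*", " ", text)

def check_deck(text):
    """Return {class: [missing steps]} for each class named in a CLASMAP record."""
    text = join_continuations(text)
    classes = dict(re.findall(
        r"INS CLASMAP\.\S+\s+RESOURCE\((\S+?)\)\s+RSRCTYPE\((\w{3})\)", text))
    # (ID, CLASS) pairs; both must equal the mapped class name.
    safdef = set(re.findall(r"INS SAFDEF\.\S+\s+ID\((\S+?)\).*?CLASS=([^,)]+)", text))
    resident = set()
    for types in re.findall(r"CHANGE INFODIR TYPES\(([^)]*)\)", text):
        resident.update(t.strip() for t in types.split(","))
    # A rule set counts only when SET RESOURCE, COMPILE and STORE follow in order.
    stored = set(re.findall(
        r"SET RESOURCE\((\w+)\)\s+COMPILE '[^']*\(\1\)'\s+STORE", text))
    rebuilt = set(re.findall(r"F ACF2,REBUILD\((\w+)\)", text))
    report = {}
    for cls, rtype in classes.items():
        checks = [("SAFDEF", (cls, cls) in safdef), ("INFODIR", "R-R" + rtype in resident),
                  ("RULE", rtype in stored), ("REBUILD", rtype in rebuilt)]
        missing = [name for name, ok in checks if not ok]
        if missing:
            report[cls] = missing
    return report

if __name__ == "__main__":
    for cls, gaps in check_deck(SAMPLE).items():
        print(f"{cls}: missing {', '.join(gaps)}")
```

An empty result means every mapped class appears in all five places; it does not validate the rule contents in the PDS members.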