Started tasks have system generated JOB statements and do not have associated USER, GROUP, or password parameters. RACF requires a user or group ID to authorize access to resources specifically. The Started Procedures Table for RACF allows installations to associate a USERID with a started task that can then be used to specify authorization access.
See the following example:
ICHRIN03 CSECT
TITLE 'ICHRIN03 - STARTED PROCEDURES TABLE'
DC XL2'8003' NEW FORMAT - 03 ENTRIES
*
DC CL8'CA7ONL ' PROCNAME - CA 7 PRODUCTION ID
DC CL8'CA7ONL ' USERID
DC CL8' ' GROUP - NULL
DC XL1'00' NOT PRIVILEGED OR TRUSTED
DC XL7'00' RESERVED
*
DC CL8'CA7ICOM ' PROCNAME
DC CL8'CA7ICOM ' USERID
DC CL8' ' GROUP
DC XL1'00' NOT PRIVILEGED OR TRUSTED
DC XL7'00' RESERVED
*
DC CL8'* ' PROCNAME
DC CL8'= ' USERID
DC CL8' ' GROUP
DC XL1'00' NOT PRIVILEGED OR TRUSTED
DC XL7'00' RESERVED
*
END
This table must reside in the link pack area (LPA). The last entry shown is a generic entry that RACF uses if the specific started task name is not found in the table. The equal sign states that the started task name is used as the USERID for any entry that does not match an entry in the table.
Note: For more information about the Started Procedures Table, see the IBM guide Security Server RACF System Programmer's Guide.
Security for the CA WA CA 7 Edition and ICOM started task does not take effect until the USERIDs are defined to RACF.
|
Copyright © 2013 CA Technologies.
All rights reserved.
|
|