Security for CA WA CA 7 Edition commands and panels can be protected under RACF by defining each panel and command as a resource. Besides restricting access to top line commands and panels, functions found on each panel can be protected by specifying an access level for each panel. For a list of the CA WA CA 7 Edition commands, panels, and a cross-reference of panel functions with their associated access level requirements, see Security Tables.
The following examples illustrate the use of the RACF RDEFINE and PERMIT commands first to define the CA WA CA 7 Edition command or panel as a resource to RACF and then "permit" access to specific commands. The resource class is PA@EL for both CA WA CA 7 Edition commands and panels.
RDEFINE PA@EL (L2DB1) DATA('CA 7 Job Definition Panel') OWNER(CA7USERS)
UACC(NONE)
Identifies the RACF command used to define general resources.
Identifies the resource class type for CA WA CA 7 Edition commands and panels. If you have specified a resource type other than PANEL (see the SECURITY statement PCLASS keyword), substitute its value for PA@EL. Also, for resource types other than PANEL, modify the CA Common Services security exit CAS9SAFC.
Identifies the resource name for the CA WA CA 7 Edition Job Definition panel.
Identifies a predefined RACF user or group profile that owns this resource.
Identifies the universal access level for this resource. In this case, NONE.
This example grants access to the resource L2DB1 defined to RACF in the previous example.
PERMIT L2DB1 CLASS(PA@EL) ID(xxxxxxx) ACCESS(READ,UPDATE)
Identifies the RACF command used to grant access to a resource.
Identifies the resource name for the CA WA CA 7 Edition Job Definition panel.
Identifies the resource class type.
Identifies the USERID being granted access to the resource.
Identifies the access level for functions found on the Job Definition panel. The user would have full access to functions that require READ and UPDATE authority.
|
Copyright © 2013 CA Technologies.
All rights reserved.
|
|