Beginning with RACF 1.9, a surrogate designation can be assigned to USERIDs. This designation allows one USERID to submit jobs on behalf of another USERID. If CA WA CA 7 Edition is to submit jobs with USERIDs in the JCL that are different from the CA WA CA 7 Edition USERID, a surrogate designation can be needed. This designation lets CA WA CA 7 Edition submit those jobs with a USERID that is not the same as the one CA WA CA 7 Edition uses.
This method lets CA WA CA 7 Edition submit jobs with various USERIDs, but this method is different from the "Submit Checking" that CA WA CA 7 Edition does. CA WA CA 7 Edition can check for submit authority, but it is done using the SU@MIT class not the SURROGATe class.
Note: For more information about SURROGATe classes, see the IBM guide Security Server RACF Security Administrator's Guide.
This example grants surrogate authority for CA WA CA 7 Edition to submit jobs for USERID1.
PERMIT CLASS(SURROGAT) USERID1.SUBMIT ID(CA7ONL) ACCESS(READ)
Identifies the RACF command used to grant access to a resource.
Identifies the resource class type.
Identifies the USERID that the ID can submit, CA7ONL in this example.
Identifies the USERID that is given submit authority for another ID.
Identifies the ACCESS level to grant.
|
Copyright © 2013 CA Technologies.
All rights reserved.
|
|