Previous Topic: Surrogate Usage for Job Submission Under RACFNext Topic: Job Submission

Implementing Security with IBM RACFCalendar Security

Calendar Security

To protect access to the CA WA CA 7 Edition calendars, use the CALENDAR option in the EXTERNAL keyword values on the SECURITY statement in the CA WA CA 7 Edition initialization file.

The Resource Class Descriptor and RACF Router Tables need an entry added for CA@ENDAR before defining any rules for the calendar access. Once these tables are set up to permit CALENDAR security, you can then define the rules.

The following example illustrates the use of the RACF RDEFINE and PERMIT commands first to define the CA WA CA 7 Edition CA@ENDAR as a resource to RACF. Next, the commands permit access to specific calendars.

RDEFINE CA@ENDAR (calendar-name) DATA('CA 7 Calendar xx') OWNER(CA7USERS)
UACC(NONE)
RDEFINE

Identifies the RACF command used to define general resources.

CA@ENDAR

Identifies the resource class type for CA WA CA 7 Edition calendars. If you have specified a resource type other than CALENDAR (see the SECURITY statement CCLASS keyword), substitute its value for CA@ENDAR.

(calendar-name)

Identifies the resource name for the calendar that you want to secure. Calendar names have a format of SCALyyxx where yy is the year and xx are two unique characters identifying the specific calendar.

DATA('CA 7 Calendar xx')

Describes the calendar. If the text contains spaces or commas, single quotes are required.

OWNER(CA7USERS)

Identifies a predefined RACF user or group profile that owns this resource.

UACC(NONE)

Identifies the universal access level for this resource. In this case, NONE.

This example grants access to the resource SCALyyxx defined to RACF in the previous example.

PERMIT SCALyyxx  CLASS(CA@ENDAR) ID(xxxxxxx) ACCESS(READ)
PERMIT

Identifies the RACF command granting access to a resource.

SCALyyxx

Identifies the resource name for the calendar.

CLASS(CA@ENDAR)

Identifies the resource class type. If you have specified a resource type other than CALENDAR (see the SECURITY statement CCLASS keyword), substitute its value for CA@ENDAR.

ID(xxxxxxx)

Identifies the USERID granted access to the resource.

ACCESS(READ)

Identifies the access level for the calendar. The only access required is READ, which indicates the user can access the calendar in read or update mode.

More information:

Resource Class Descriptor Table - ICHRRCDE

RACF Router Table