CA OPS/MVS External Security question: Can RACF SMF records be produced and ICH408I messages for violations displayed in the SYSLOG?

Document ID : KB000014632
Last Modified Date : 14/02/2018
Introduction:

We just turned on 'External Security' for OPS, so that our RACF person can test it. We set the following parm values:
Name           Value
EXTSECURITY    ON
EXTSECPREFIX   'OP$MVS'
EXTSECCLASS    '$CAOPS'

It seems to be working OK, but he had some additional questions.

Question:
  1. Can RACF SMF records be produced and ICH408I messages for violations displayed in the SYSLOG?
  2. What is the best way to trace the activity so I can see the resource names as we try out the different options? We have never set up external security for ops before and the "SAF Resource Names Table" in the manual does not correlate the profiles to the various options off the panels.
Environment:
CA OPS/MVS® Event Management and Automation for JES2 - MVS Release: 12.2
IBM RACF
Answer:

Try these recommendations:

  • To see which OPS/MVS functions (these map closely to the resource names) correspond to a given OPSVIEW or automation activity, turn on SEC events in the OPSLOG (parameter BROWSESEC). Then perform or test the function and watch the OPSLOG for the SEC events it generates.
  • You can also turn on the DEBUGEXTSEC parameter to help with testing. OPS9999T messages are then logged showing what is being evaluated.
Additional Information:

Implementing External Security

Parameters for Resolving Problems