CA Top Secret for z/OS How can you grant access to resource names greater than 8 characters?

Document ID : KB000032413
Last Modified Date : 14/02/2018
Show Technical Document Details
Question:

How can you grant access to resource names greater than 8 characters?

When implementing zOSMF, encountering issues with the EJBROLE resource class.

One of the setup steps in RACF documentation  is to add access to these role set to all z/OSMF users.                                                         
EJBROLE (IZUDFLT.*.izuUsers)

 

Users cannot access to resource entity

 IZUDFLT.IzuManagementFacility.izuUsers

 

Answer:

 

The Masking Character ASTERISK (*) stands for any 8 characters.

Use a Hyphen (-) instead of a asterisk (*)                             
IZUDFLT.-.izuUsers      

 

Additional Information:

 

From the CA Top Secret Security for z/OS r15.0 Users Guide:      

https://support.ca.com/cadocs/0/CA%20Top%20Secret%20%20Security%20for%20z%20OS%20r15-ENU/Bookshelf_Files/PDF/TSS_User_zOS_ENU.pdf            


                                                                             
Floating Pattern Masks                                                       
A floating pattern mask uses the hyphen (-) to represent a variable number   
of characters (including no characters). Resource names containing hyphens   
cannot be owned. They must match the ownership of resources defined by       
other characters and masks.                                                  
The hyphen:                                                                  
 Cannot be used in the same resource name with other masking characters      
 Can only be used in the interior of a resource name                         
 Can only occur at position three or later                                   
The following resource masks are invalid:                                    
Resource Mask                                                                
Reason why invalid                                                           
-                                                                            
The hyphen cannot be used at the beginning or end of a resource name.        
**-*                                                                         
The hyphen cannot be used in combination with any other masking character.   
a-bc                                                                         
The hyphen cannot be used before position three of a resource mask.          
A floating character mask can represent resource names with multiple         
qualifiers or indexes (cross-node resource names).

These examples show how the hyphen mask can be used to cross partial and complete nodes of resource
qualification:                                                            
                                                                          
Resource Mask         Matches           Does Not Match                    
ACCT-VEND         ACCTPAY.VENDOR           ACC.VEND                       
                   ACCTVEND               AP.ACC.VEND                     
_______________________________________________________                   
PAYROLL.-.XMPT    PAYROLL.@12W02.XMPT     PAYROLL.XMPT                    
                  PAYROLL.Y2K.XMPT.BKUP                                   
                                                                          
                                                                          
The explicit periods on either side of the mask in the second example     
prevent the collapse of the hyphen into a null-string, and prevents the   
inclusion of more than one initial qualifier