How do I define the CA-Examine resource class of CA EXAMIN to my external security manager RACF? What would a sample rule look like?
CA Examine makes SAF calls with a resource CLASS=CAEXAMIN, and one of the following entity names:
ENTITY=EXAMMON.BPXEKDA For z/OS cross-memory services to communicate with the EXAMMON address space.
ENTITY=TRAPAUTH.TEST For test traps generated through the use of DEBUG flag 16.
ENTITY=TRAPAUTH.BATCH For other traps issued in batch jobs.
ENTITY=TRAPAUTH.TSO For other traps issued from a TSO session.
The resource class can be defined to RACF using the following RACF RDEF CDT sample:
SETR CLASSACT(CDT) AUDIT(CDT) RACLIST(CDT)
RDEF CDT CAEXAMIN UACC(NONE) CDTINFO(MAXLENGTH(39) FIRST(ALPHA)
OTHER(ALPHA,NUMERIC,NATIONAL,SPECIAL) RACLIST(ALLOWED) DEFAULTUACC(NONE) GENLIST(DISALLOWED)
SETR RACLIST(CDT) REFRESH
PERMIT EXAMMON.BPXEKDA CLASS(CAEXAMIN) ACCESS(READ) ID(USER2)
See the z/OS Security Server RACF Command Language Reference and RACF Security Administrator's Guide for additional details on the SETR, RDEF and PERMIT commands.