How do I secure the z/OSMF ZMFAPLA resource?

Document ID : KB000017871
Last Modified Date : 14/02/2018
Show Technical Document Details

Description:

In z/OSMF, the authorization of users to resources (tasks and links) is based on SAF resource validations for traditional z/OS security controls, such as user IDs and groups.

Solution:

The ACF2 control statements to secure the z/OSMF resources are as

follows....


ACF                           
SET CONTROL(GSO)                                                              
INSERT  CLASMAP.ZMFAPLA RESOURCE(ZMFAPLA) RSRCTYPE(ZMF) ENTITYLN(220)         
                                                                             
CHANGE INFODIR TYPES(R-RZMF) ADD                                              
                                                                             
F ACF2,REFRESH(CLASMAP)                                                       
F ACF2,REFRESH(INFODIR)                                                       
 
SET RESOURCE(ZMF)                                                      
RECKEY BBNBASE ADD(BBNBASE.ZOSMF.- UID(UID string for IZUUSER) -       
SERVICE(READ) ALLOW)                                                   
RECKEY BBNBASE ADD(BBNBASE.ZOSMF.- UID(UID string for ZOSMFGRP) -      
SERVICE(READ) ALLOW)                                                   
RECKEY BBNBASE ADD(BBNBASE.ZOSMF.LINK.- UID(UID string for IZUUSER) -  
SERVICE(READ) ALLOW)                                                   
RECKEY BBNBASE ADD(BBNBASE.ZOSMF.LINK.- UID(UID string for ZOSMFGRP) - 
SERVICE(READ) ALLOW)                                                   
F ACF2,REBUILD(ZMF)