How To Implement IBM HyperSwap with CA Top Secret?

Document ID : KB000009582
Last Modified Date : 14/02/2018
Show Technical Document Details
Introduction:

IBM supplies his customer with a documentation to implement HyperSwap with RACF.

 

This document shows how to implement it with CA Top Secret. 

Environment:
This is valid for both CA Top Secret r15.0 and r16.0 on any z/OS release supporting HyperSwap.
Instructions:

1.Create user BHIHSRV :

 

ADDUSER BHIHSRV OMVS(UID(user_identifier) SHARED HOME('/')) NOPASSWORD

 

1.1 TSS CREATE(BHIHSRV) NAME(' BHIHSRV  Hyperswap) PASSWORD(NOPW,0) -

TYPE(USER) DEPT(Votre département STC) FACILITY(STC)

         

1.2.TSS ADD(BHIHSRV) UID(un numéro de UID) GROUP(un groupe OMVS) -              

DFLTGRP(un groupe OMVS) HOME(/) -                         

OMVSPGM(/bin/sh)  

                                

1.3. TSS ADD(Votre département STC) ACID(BHIHSRV) PROC(BHIHSRV)       

 

1.4 TSS MODIFY(OMVSTABS)  , It is no longer needed with CA Top Secret r15.0 and above.     

 

 2. Define the resource ANT.REPLICATIONMANAGER :

 

RDEFINE FACILITY ANT.REPLICATIONMANAGER UACC(NONE)

 

2.1. Check whether the resource already exist:

 

TSS WHOHAS IBMFAC(ANT.)

 

2.2. Define the resource to CA Top Secret, if needed:

 

TSS ADD(un departement) IBMFAC(ANT.)                

 

 3. Permit the resource ANT.REPLICATIONMANAGER to BHIHSRV :

 

PERMIT ANT.REPLICATIONMANAGER CLASS(FACILITY) ID(BHIHSRV) ACCESS(CONTROL)

 

3.1. TSS PERMIT(BHIHSRV) IBMFAC(ANT.REPLICATIONMANAGER) ACCESS(ALL) 

 

4. Permit the resource ANT.REPLICATIONMANAGER to the user using the connection CSM/z/OS:

 

PERMIT ANT.REPLICATIONMANAGER CLASS(FACILITY) ID(userid) ACCESS(CONTROL)

 

4.1. TSS PERMIT(user csm) IBMFAC(ANT.REPLICATIONMANAGER) ACCESS(ALL) 

  

5. In case of unexpected violation, run:

 

 

a TSSTRACK EVENT(VIOL) DATE(TODAY) or a TSSUTIL EVENT(VIOL) DATE(TODAY)  

Additional Information:

With RACF resource class FACILITY is used, the equivalent one with CA Top Secret is IBMFAC.

 

With this resource class, the ownership cannot be made with more than eight characters.