How to set up RACF definitions to allow canceling a remote CA IDMS task

Document ID : KB000048216
Last Modified Date : 14/02/2018

Description :

If you use RACF for external IDMS security, RACF security definitions are necessary to allow canceling a task running on a remote IDMS CV.

Solution :

Note : All of the following definitions are examples and can vary by installation, for instance if the use of generic profiles is not desired. Other parameters can be selected for auditing, performance and other installation-specific needs.

Follow these steps:

  1. Define the CA@IDMSI resource class.

    Example :
    RDEFINE CDT CA@IDMSI UACC(NONE) OWNER(ADMIN) -
      CDTINFO(CASE(UPPER) -
      FIRST(ALPHA) -
      OTHER(ALPHA,NUMERIC,NATIONAL,SPECIAL) -
      MAXLENGTH(22) -
      MAXLENX(22) -
      KEYQUALIFIERS(0) -
      PROFILESALLOWED(YES) -
      POSIT(NNN) -
      RACLIST(ALLOWED))

    Note : For more information about choosing the POSIT number, see IBM RACF Command Language Reference.

  2. Refresh the dynamic CDT:

    SETROPTS RACLIST(CDT) REFRESH
  3. Activate the class:

    SETROPTS CLASSACT(CA@IDMSI) GENERIC(CA@IDMSI)
    Note : The use of the generic parameter is optional. This parameter allows you to use generic profiles for the CA@IDMSI class.

  4. Define the profiles in the class (profile format: TASK.<target-CV-Jobname>.<taskcode>).

    Example :
    RDEFINE CA@IDMSI TASK.** UACC(NONE) OWNER(ADMIN) AUDI(A(R))   (TO DENY BY DEFAULT)
    RDEFINE CA@IDMSI TASK.SYSTEM26.OPER UACC(NONE) OWNER(ADMIN) AUDI(A(R))
  5. Grant permissions to the profiles in the class and refresh the class.

    Example :
    PERMIT TASK.SYSTEM26.OPER CLASS(CA@IDMSI) ID(USER1)
    SETROPTS RACLIST(CA@IDMSI) REFRESH
  6. Secure the task code that processes external request units (RHDCNP3S or alternative task codes) to allow canceling a remote task on behalf of a batch program running against the CV.

    Note : For more information about external run unit task codes, see CA IDMS System Generation Guide and CA IDMS System Operations Guide.

    Example :
    To secure the task code generically:

    RDEFINE CA@IDMSI TASK.SYSTEM26.** UACC(NONE) OWNER(ADMIN)
    PERMIT TASK.SYSTEM26.** CLASS(CA@IDMSI) ID(USER1 USER2)
    SETROPTS RACLIST(CA@IDMSI) REFRESH

    To secure the task code explicitly:

    RDEFINE CA@IDMSI TASK.SYSTEM26.RHDCNP3S UACC(NONE) OWNER(ADMIN)
    PERMIT TASK.SYSTEM26.RHDCNP3S CLASS(CA@IDMSI) ID(USER1 USER2)
    SETROPTS RACLIST(CA@IDMSI) REFRESH
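
The example profiles in steps 4 to 6 interact: RACF consults only the single best-matching profile and never merges access lists, so the discrete profile TASK.SYSTEM26.OPER takes precedence over TASK.SYSTEM26.** for that task code. The Python sketch below is an added example, not part of this document or of RACF; it is a simplified model (discrete names and generics ending in .** only, hypothetical function names) loaded with the example profiles from this page, useful for reviewing who ends up authorized before issuing the commands.

```python
# Simplified model of RACF profile selection for the CA@IDMSI class.
# Assumption: only discrete names and generics ending in ".**" are handled,
# which covers every profile defined in this article.

# Constructed sample: profiles and access lists from the article's examples
# (steps 4 and 5, plus the generic variant of step 6). All have UACC(NONE).
PROFILES = {
    "TASK.**": set(),                        # deny-by-default backstop
    "TASK.SYSTEM26.OPER": {"USER1"},
    "TASK.SYSTEM26.**": {"USER1", "USER2"},
}


def resource_name(cv_jobname, taskcode):
    """Build the name in the article's TASK.<jobname>.<taskcode> format."""
    return f"TASK.{cv_jobname}.{taskcode}".upper()


def covering_profile(resource, profiles=PROFILES):
    """Return the one profile used for the check: a discrete match first,
    otherwise the generic with the longest literal prefix."""
    if resource in profiles:
        return resource
    best = None
    for name in profiles:
        if not name.endswith(".**"):
            continue
        prefix = name[:-3]  # literal qualifiers in front of ".**"
        if resource == prefix or resource.startswith(prefix + "."):
            if best is None or len(prefix) > len(best) - 3:
                best = name
    return best


def is_permitted(user, cv_jobname, taskcode, profiles=PROFILES):
    """True if the user is on the access list of the covering profile."""
    profile = covering_profile(resource_name(cv_jobname, taskcode), profiles)
    # Assumption: a resource with no covering profile is treated as denied.
    return profile is not None and user in profiles[profile]


if __name__ == "__main__":
    for user in ("USER1", "USER2"):
        for cv, task in (("SYSTEM26", "OPER"), ("SYSTEM26", "RHDCNP3S"),
                         ("SYSTEM27", "OPER")):
            res = resource_name(cv, task)
            print(user, res, covering_profile(res), is_permitted(user, cv, task))
```

In this model USER2 is permitted for RHDCNP3S through the generic profile but not for OPER, because the discrete OPER profile lists only USER1.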