I am trying to setup ACF2 security for the Product TSP. Can you provide the ACF2 equivalent commands to the RACF setup commands?

Document ID : KB000048222
Last Modified Date : 14/02/2018
Show Technical Document Details

Description:

The r15 CA ACF2 for z/OS Administration Guide Appendix H: RACF Commands provides information on converting RACF command to ACF2 commands.

Solution:

  1. Need userid, R3SP defined with no TSO segment or OMVS. The id needs to be connected to group SYS1 with Operations attribute (needs authority to rename SYS1TMP to SYS1 hi-lvl).

    ACF2 equivalent:

     ACF        SET LID  Insert R3SP STC NAME(R3SP started task) GROUP(SYS1)
     SET RULE RECKEY SYS1TMP ADD( - UID(UID string for R3SP) ALLOCATE(A) RECKEY SYS1 ADD( - UID(UID string for R3SP) ALLOCATE(A)

  2. Need one profile, if possible, for Started Tasks. All will run under R3SP.
    R3SP, Procs will need to be added to proclib concatenation. Proc members are R3SV2IPL and R3SV2TSO and can be found in SYS1.RSSS.SAMPLIB.

    ACF2 equivalent:

     ACF        SET CONTROL(GSO)  INSERT STCR3SP LOGONID(R3SP) STCID(R3S-)

  3. Need a SURROGAT for R3SP.SUBMIT with R3S group permitted with READ

    ACF2 equivalent:

     ACF SET RESOURCE(SUR) RECKEY R3SP ADD( SUBMIT UID(UID string for R3SP) ALLOW)

  4. Need the following defined to FACILITY class with R3SP granted READ access

     MVS.NFTP.TRUST.*.R0DFTP0% ACF2 equivalent: ACF SET RESOURCE(FAC) RECKEY MVS ADD( NFTP.TRUST.-.R0DFTP0* UID(UID string for R3SP) - SERVICE(READ) ALLOW)