Is there any ACF2 information on setting up BCPii?

Document ID : KB000011012
Last Modified Date : 14/02/2018
Show Technical Document Details
Introduction:

As long as you start ACF2 using SYS1.PARMLIB member CAISEC00(which is recommended), ACF2 will start before BCPII or any other OMVS address space, there will be no problems.

In ACF2, the "community name" is translated into the APPLDATA in the ACF2 rule.

Question:

Is there any ACF2 information on setting up BCPii?

Answer:

As long as you start ACF2 using SYS1.PARMLIB member CAISEC00(which is recommended), ACF2 will start before BCPII or any other OMVS address space, there will be no problems.

Details on ACF2 initialization and CAISEC00 can be found in the CA ACF2 for z/OS Installation Guide, Chapter 3: Installing CA ACF2, section "Step 11: CA ACF2 System Initialization".

If you are new to using BCPii and have not yet set up the "community name", here is the section from the IBM doc and what that means in ACF2:

----------------------------- begin ---------------------------------------

To define the BCPii community name in the security product, use the APPLDATA field with the CPC profile definition to associate a community name with a particular CPC.

The APPLDATA field for the BCPii community name contains a 1 to 16 character alphanumeric field. Because of restrictions with the security products on z/OS, the BCPii SNMP community name must not contain any lowercase characters.

This is an RACF example to assign a BCPii community name of "XYZ123" to an existing CPC definition for CPC name NET1.CPC001:

RALTER FACILITY HWI.TARGET.NET1.CPC001 APPLDATA('XYZ123')
SETROPTS RACLIST(FACILITY) REFRESH

Note: A community name definition must be defined for at least the local CPC otherwise, BCPii cannot continue with initialization of its address space an BCPii services are not available. This is accompanied by message HWI014I.

----------------------------- end ---------------------------------------

The equivalent ACF2 rule for this (assuming the resource class of FACILTIY is mapped to the ACF2 type code of FAC, the default):

$KEY(HWI) TYPE(FAC)
$USERDATA(XYZ123)
TARGET.NET1.CPC001 UID(*) ALLOW

where "NET1.CPC001" is from the (IBM) example. Replace this with the CPC name used at your site.

Also, since the type FAC should be resident, be sure to rebuild: F ACF2,REBUILD(FAC)