OMEGAMON Resource Class Definition From RACF To TSS Definition

Document ID : KB000017391
Last Modified Date : 14/02/2018

Description:

Authorizing user access requires that the administrator of your external security manager perform the following procedure:

  1. Define the Resource Class name to your security package before function level security is operable. To accommodate the names of all Resources, set the MAXLNTH keyword for the ICHERCDE macro to 24.

  2. Define User access to specific functions.

    The following example shows how to authorize a User (USR1) access to the OMEGAMON II for CICS Task Kill function using RACF:

    RDEFINE nnnnnnnn cicsappl.KC2.KILL.TASK UACC(NONE)
    PERMIT cicsappl.KC2.KILL.TASK CLASS(nnnnnnnn) ID(USR1) ACCESS(READ)

    Where:

    - nnnnnnnn is the resource class name
    - cicsappl is the CICS APPLID
    - cicsappl.KC2.KILL.TASK is the resource name

Solution:

First, the resource class has to be defined in the CA Top Secret RDT record.

Based on the RACF information above, define it to CA Top Secret as follows:


TSS ADDTO(RDT) RESCLASS(KC2CLASS) ACLST(NONE,READ,ALL) MAXLEN(24) DEFACC(READ) 

Entering TSS LIS(RDT) RESCLASS(KC2CLASS) should then display:


ACCESSORID = *RDT*     NAME       = RESOURCE DEFINITIONS                   
                                                                          
 RESOURCE CLASS = KC2CLASS                                                
  RESOURCE CODE = X'027'                                                  
      ATTRIBUTE = NOMASK,MAXOWN(08),MAXPERMIT(024),ACCESS                 
         ACCESS = NONE(0000),READ(4000),ALL(FFFF)                         
         DEFACC = READ                                                    
TSS0300I  LIST     FUNCTION SUCCESSFUL        

Other access levels and other attributes can be specified as well.

Here the class has been defined with NOMASK. It could be defined with MASK instead, depending on whether you want masking characters to be allowed in permits for this resource.

RACF Definition:


RDEFINE nnnnnnnn cicsappl.KC2.KILL.TASK UACC(NONE) 

TSS Definition:


TSS ADD(#dept) KC2CLASS(cicsappl) 

RACF Definition:


PERMIT cicsappl.KC2.KILL.TASK CLASS(nnnnnnnn) ID(USR1) ACCESS(READ) 

TSS Definition:


TSS PER(USR1) KC2CLASS(cicsappl.KC2.KILL.TASK) 

To prevent anyone from accessing the resource, in all modes:


TSS PER(ALL) KC2CLASS(cicsappl.KC2.KILL.TASK) ACCESS(NONE) ACTION(FAIL)