Need help converting RACF commands

Document ID : KB000110855
Last Modified Date : 10/08/2018
Show Technical Document Details
Issue:
Need help converting RACF commands to TSS commands.
Resolution:
Here are the commands converted to TSS.

1) Update RACF or equivalent security system for the user ID (with OMVS segment) assigned to product started tasks. This is applicable to the TEMS, the enhanced 3270 user interface, the OMEGAMON Subsystem, and the Agent address spaces.

2) Identify the user ID you created as a Superuser.
For example:
ALU <user ID> OMVS(UID(0) HOME(/) PROGRAM(/bin/sh))

TSS ADD(acid) UID(0) HOME(/) OMVSPGM(/bin/sh)

3) Use the RDEFINE command to associate the user ID with various product started tasks:
For example:
RDEFINE STARTED SYO5DSST.* -
STDATA(USER(userID) GROUP(SYS1))

TSS ADD(STC) PROCN(SYO5DSST) ACID(acid)

o Topic: Setting Up the STARTED Class
With the STARTED class, you do not need to change code or re-IPL the system in order to add or modify RACF(r) identities for started procedures. You can modify the security definitions for started procedures dynamically, using the RDEFINE, RALTER, and RLIST commands. See z/OS Security Server RACF Command Language Reference for more information on these commands. In effect, the STARTED class provides a dynamic started procedures table. To set up the STARTED class, enter these commands:

Example:
SETROPTS GENERIC(STARTED)
Not needed in TSS.

RDEFINE STARTED JES2.* UACC(NONE)
STDATA(USER(JES2) GROUP(STCGROUP) TRUSTED(YES)) TSS ADD(STC) PROCN(JES2) ACID(JES)

RDEFINE STARTED ** UACC(NONE)
STDATA(USER(=MEMBER) GROUP(STCGROUP) TRACE(YES)) TSS ADD(STC) PROCN(**) ACID(acid)


4) After you issue all the RDEFINE commands, issue the refresh commmand:
For example:
SETROPTS RACLIST(STARTED) REFRESH
Not needed in TSS.

Regards,

Joseph Porto - CA Level 1 Support
Edit | Del | Make Private    Checked    Created By: Joseph Porto (8/7/2018 4:01 PM)
Dennis,

Here are the commands converted to TSS.

1) Update RACF or equivalent security system for the user ID
(with OMVS segment) assigned to product started tasks. This
is applicable to the TEMS, the enhanced 3270 user interface,
the OMEGAMON Subsystem, and the Agent address spaces.

2) Identify the user ID you created as a Superuser.
For example:
ALU <user ID> OMVS(UID(0) HOME(/) PROGRAM(/bin/sh))

TSS ADD(acid) UID(0) HOME(/) OMVSPGM(/bin/sh)

3) Use the RDEFINE command to associate the user ID with
various product started tasks:
For example:
RDEFINE STARTED SYO5DSST.* -
STDATA(USER(userID) GROUP(SYS1))

TSS ADD(STC) PROCN(SYO5DSST) ACID(acid)

o Topic: Setting Up the STARTED Class
With the STARTED class, you do not need to change code or
re-IPL the system in order to add or modify RACF®
identities for started procedures. You can modify the
security definitions for started procedures dynamically,
using the RDEFINE, RALTER, and RLIST commands. See z/OS
Security Server RACF Command Language Reference for more
information on these commands. In effect, the STARTED
class provides a dynamic started procedures table. To
set up the STARTED class, enter these commands:

Example:
SETROPTS GENERIC(STARTED)
Not needed in TSS.

RDEFINE STARTED JES2.* UACC(NONE)
STDATA(USER(JES2) GROUP(STCGROUP) TRUSTED(YES))
TSS ADD(STC) PROCN(JES2) ACID(JES)

RDEFINE STARTED ** UACC(NONE)
STDATA(USER(=MEMBER) GROUP(STCGROUP) TRACE(YES))
TSS ADD(STC) PROCN(**) ACID(acid)


4) After you issue all the RDEFINE commands, issue the
refresh commmand:
For example:
SETROPTS RACLIST(STARTED) REFRESH
Not needed in TSS.