Appendix H of IBM z/OSMF Configuration Guide contains figures about different RACF/ZOSMF implementations.
This Knowledge Document has a .txt file attached.
It contains TSS command translations from RACF ones and represents what there is in Appendix H of the IBM zOSMF Configuration Guide.
There is one section per fig# of this appendix in the attached .txt file.
Although the attached file contains the CA Top Secret equivalent commands of the RACF ones, some additional work has to be done.
- IZUADMIN and IZUUSER are defined to CA Top Secret as GROUPs. Because of that, TSS PERMIT commands cannot be issued for these acids. Either change the IZUADMIN/IZUUSER to ZOSMFAD (which is a user) to issue the permits directly to the ZOSMFAD user and to any other users that require those permits.
Or create specific profile(s), e.g PIZUADM/PIZUUSER, and issue the permits to them.
You will have to ADD those profiles to ZOSMFAD and to any other users requiring those permits.
- Some resources may already be owned/defined to CA Top Secret at your site. In those instances, the TSS ADD command(s) in the attached files will receive the following error message:
TSS0351E SPECIFY "UNDERCUT" TO TRANSFER OWNERSHIP
TSS0301I ADD FUNCTION FAILED, RETURN CODE = 8
- When you define a resource to CA Top Secret, in most cases you give ownership to a department acid. In the translated commands, the department acid is generic (ie #dept), so you must replace it with a valid department acid.
- You may see the same TSS command generated several times from different RDEFINE RACF commands. This is due to the maximum length to own a resource with CA Top Secret.
- To download the file, use LRECL=80 BLKSIZE=3200 RECFM=FB.