What Are the Top-Secret Commands to secure Z/OSMF?

Document ID : KB000047295
Last Modified Date : 14/02/2018
Show Technical Document Details

 

 

Introduction:

 

 
-z/OSMF Configuration Guide contains figures about different RACF/ZOSMF implementations.
 
-This technical document intents to translate all RACF command to CA Top Secret command to implement z/OSMF with CA Top Secret.
 
-There is a file attached to this technical document which contains all command and instructions to follow.
 
 

Instructions: 

 

 

 

-Although the attached file contains the CA Top Secret equivalent commands of the RACF ones, some additional work has to be done.
 
-With CA Top Secret a GROUP type is only defined for USS purposes i.e. to own GID. 
 
-With RACF a GROUP can have a GID and PERMITS, but with CA Top Secret it is needed to defined a PROFILE type acid to handle the PERMITS done with RACF to a GROUP.
 
-It's why with CA Top Secret IZUADMIN, IZUUSER and IZUUNGRP are defined as GROUP type acid. To handle the RACF PERMITS PROFILEs needs to be created and have to replace IZUADMIN, IZUUSER and IZUUNGRP when RACF PERMITs are made.
  
-The following profiles have ententionally choosen for this purpose: 
 
IZUADNPR is for IZUADMIN
IZUUSRPR is for IZUUSER
 
-There is no RACF PERMITS for IZUUNGRP group.
 
-Duplicates TSS ADD may exist, keep one and get rid of others.
 
-You have to change cert#001, cert#002, #dept and #keyr with names to fit your requirements.     

  

Additional Information:

 

-The attached file can be reach at ZOSMF_ALL.txt

 

-For CA Top Secret r15.0, refer to CA Top Secret for z/OS Command Functions Guide, for all details about CA Top Secret command syntax.

-For CA Top Secret r16.0, go to docops.ca.com site. Sign-in, select Using --> Issuing Commands to Communicate Administrative Requirements

--> Command Functions, for all details about CA Top Secret command syntax.

 

File Attachments:
TEC1331937.zip