By default the security validation of the Control-O XAM DORULE action does not restrict users from invoking only specific target rules. If such restriction is required, use the option to include the target rule name in the checked entity (in extended definition mode). This option is controlled by parameter ADDRULNM in the SECPARM parameter member.
When ADDRULNM=N (default) the checked entity is:
$$CTOXAM.qname.TYPE3RUL (default).
When ADDRULNM=Y the checked entity is:
$$CTOXAM.qname.TYPE3RUL.rulename (where rulename is the target rule name of the DORULE action).
To set the option for including the target rule name in the checked entity
APAR BO10168 is needed for this option.
To permit USERA to set a local variable using the XAM interface, use the appropriate command.
For RACF:
PERMIT $$CTOXAM.qname.TYPE2* ACCESS(READ) ID(USERA) CLASS(FACILITY)
For TopSecret:
TSS PERMIT(USERA) IBMFAC($$CTOXAM.qname.TYPE2) ACCESS(READ)
For ACF2/SAF:
SET RESOURCE(CMF)
COMP
$KEY($$CTOXAM.qname.TYPE2*************) TYPE(CMF)
UID(USERA) ALLOW
Parent Topic |