Step 2. RACF Security Definition Samples

Step 2.1 Control-M Security Definitions

Select this step to edit the CTMSRAC2 member in the IOA INSTWORK library.

Perform the following steps to define the required users permissions:

1. To define the entity $$CTMEDM.qname to RACF, use the following RACF command:

   RDEFINE FACILITY $$CTMEDM.qname UACC(NONE)

2. To associate USERA with Extended Definition mode, use the following RACF command:

   PERMIT $$CTMEDM.qname ID(USERA) CLASS(FACILITY) ACCESS(READ)

   If the definition mode to a Control‑M security module was defined as conditional mode (COND), and a user does not have access to this entity, the user is set to work in Basic Definition mode. Otherwise, the user is set to work in Extended Definition mode.

3. Submit the job for execution.

   This job must be run under a user who has authorization to enter these RACF commands.

4. Scan the output of the job for information and error messages produced by RACF.

Step 2.2 Function Security Definitions (Optional)

Select this step to edit the CTMSRAC3 member in the IOA INSTWORK library. This member contains a sample of the various definitions required to define access authorizations to various Control‑M entities. Review the definitions and modify to meet your site's requirements.

Step 2.3 Control Program Access to Datasets (Optional)

BMC recommends that, before selecting this step, the security administrator first read Limiting Access to Specific Programs and the IBM Resource Access Control Facility Security Administrator's Guide.

Select this step to edit the CTMSRAC4 member in the IOA INSTWORK library. This member contains a sample of the definitions required to define Program Pathing access authorizations to Control‑M datasets. Review the definitions and modify to meet your site's requirements.