Step 4. ACF2 Security Definition Samples

Step 4.1 ControlM/Tape Security Definitions (Optional)

Select this step to edit the CTTSSAF2 member in the IOA INSTWORK library.

Perform the following steps to define the required permissions.

1. Associate users with Extended Definition Mode.
   1. Edit the CTTSSAF2 member in the IOA INSTWORK library.
   2. Define and authorize entity $$CTDEDM.qname to ACF2/SAF and authorize users to use this entity using the following commands:

      SET RESOURCE(CMF)
      COMP
      $KEY($$CTTEDM.qname) TYPE(CMF)
      UID(USERA) ALLOW

2. Define entities and user authorizations to CA-ACF2/SAF.

   For information about entities and user authorizations, see Control-M/Tape Basic Definition Security Calls, and Control-M/Tape Extended Definition Security Calls.

   Example

   To authorize USERA (the user ID of the Control‑M/Tape installer) to access a given Control‑M/Tape entity, use the following command:

   SET RESOURCE(CMF)
   COMP
   $KEY($$CTTnnn.qname) TYPE(CMF)
   UID(USERA) ALLOW

   where qname is the name used to assign different authorizations to various Control‑M/Tape environments (such as Test and Production). This parameter is specified during IOA installation.

   Set the USERA parameter to the UID string of the Control‑M/Tape installer.

   All entity names for each Control‑M/Tape protected element appear in Control-M/Tape Basic Definition Security Calls for Basic Definition mode and in Control-M/Tape Extended Definition Security Calls for Extended Definition mode.

3. Submit Job for Execution

   This job must be run under the user ID of an ACF2 administrator who has authorization to enter these ACF2 commands.

   Scan the output of the job for information and error messages produced by ACF2/SAF. All job steps must end with a condition code of 0.

Step 4.2 Functions Security Definitions (Optional)

Select this step to edit the CTTSSAF3 member in the IOA INSTWORK library. This member contains definition samples for the various Control‑M/Tape entities. Modify the definitions according to the requirements of the site and submit the job.

Step 4.3 Control Program Access to Datasets (Optional)

Select this step to edit the CTTSSAF4 member in the IOA INSTWORK library. This member contains a sample of the definitions required to define Program Pathing access authorizations to Control‑M/Tape datasets. Review the definitions and modify to meet the requirements of your site.

WARNING: BMC recommends that the security administrator first read Limiting Access to Specific Programs.