Step 4. ACF2 Security Definitions (Optional)

Step 4.1 Control-D Security Definitions

Select this step to edit member CTDSSAF2 in the IOA INSTWORK library

1. Define Control‑D started tasks under ACF2.
   1. Define the Control‑D started tasks as a valid started task under ACF2 (CONTROLD, CTDPRINT, CTDNDAY).
   2. Add the multi-user address space (MUSSAS) parameter to the logon ID record that is created for the Control‑D started task.

   If the site uses more than one Control‑D monitor, parameter MUSSAS must be added to all the logon ID records previously created.

2. Associating users with extended definition mode.

   Define and authorize the entity $$CTDEDM.qname to ACF2 using the following command:

   SET RESOURCE(CMF)
   COMP
   $KEY($$CTDEDM.qname) TYPE(CMF)
   UID(USERA) ALLOW

3. Define entities and user authorizations to CA‑ACF2/SAF.

   Example

   To authorize USERA (the user ID of the Control‑D installer) access to a given Control‑D entity, use the following command:

   SET RESOURCE(CMF)
   COMP
   $KEY($$CTDnnn.qname) TYPE(CMF)
   UID(USERA) ALLOW

   where qname is the name used to assign different authorizations to different Control‑D environments (such as Test and Production). This parameter is specified during IOA installation.

   Change USERA to the UID string of the Control‑D installer.

   All entity names for each Control‑D protected element appear in Control-D and Control-V Basic Definition Security Calls for Basic Definition mode and Control-D and Control-V Extended Definition Security Calls for Extended Definition mode.

   For samples of user authorizations, review member CTDSSAF3 in the IOA INSTWORK library.

4. Submit the job.

   This job must be run under a user of an ACF2 administrator who has authorization to enter these ACF2 commands.

   Scan the output of the job for information and error messages produced by ACF2. All job steps must end with a condition code of 0.

Step 4.2 Function Security Definitions

Select this step to edit the CTDSSAF3 member in the IOA INSTWORK library. This job contains various definitions for Control‑D. Review the definitions and modify according to your site's requirements.

Step 4.3 Control Program Access to Datasets

Select this step to edit the CTDSSAF4 member in the IOA INSTWORK library. This member contains a sample of the definitions required to define Program Pathing access authorizations to Control‑D datasets.

Review the definitions and modify according to your site’s requirements.

BMC recommends that the security administrator first read Limiting Access to Specific Programs and the CA-ACF2 Administrator’s Guide before submitting this job.