Perform the following steps to implement CMEM security.
Step 5.1 Grant Access Permissions
Collect the data you need to define the INCONTROL entities and user authorizations in the security product.
RACF Security
RDEFINE FACILITY $$CTOEDM.qname UACC(NONE)
PERMIT $$CTOEDM.qname ID(USERA) CLASS(FACILITY) ACCESS(READ)
Basic Definition mode is set if the user does not have access to this entity. If the user does have access to this entity, Extended Definition mode is set.
TopSecret Security
For information about how to define Control‑O entities and user authorizations to TopSecret, see CMEM Basic Definition Security Calls, and CMEM Extended Definition Security Calls.
Modify the following command to establish ownership of the resources in TopSecret to the appropriate owner:
TSS ADD(sec-administrator-dept) IBMFAC($$CTO)
All entity names for each Control‑O protected element appear in CMEM Basic Definition Security Calls for Basic Definition mode and CMEM Extended Definition Security Calls for Extended Definition mode.
TSS PERMIT(USERA) IBMFAC($$CTOEDM.qname) ACC(NONE)
If the user does not have access to this entity, the user is set to work in Basic Definition mode. Otherwise, the user is set to work in Extended Definition mode.
TSS ADD(USERA) IBMFAC($$CTO)
TSS PERMIT(USERA) IBMFAC($$CTO) ACC(READ)
ACF2/SAF Security
To associate users with Extended Definition Mode, define and authorize the entity $$CTOEDM.qname to ACF2 using the following command:
SET RESOURCE(CMF)
COMP
$KEY($$CTOEDM.qname)
UID(USERA) ALLOW
Step 5.2 Customize Security Parameters
Table 36 Security Definition Modes
Mode |
Description |
---|---|
Mode Definition |
The Definition Mode for the CMEM security modules. Valid values are:
|
DFMO01 |
Definition mode for the CTOSE01 security module. |
DFMO02 |
Definition mode for the CTOSE02 security module. |
Step 5.3 Save Security Parameters into the Product
This step saves all the security parameters specified for CMEM. When this step is completed, the Status column is automatically updated to COMPLETE.
Parent Topic |