Step 6.2 Security Definitions (Sample)

To define CTMAS security, edit the ECSSRAC2 member in the IOA INSTWORK library to perform the following actions.

Note: CTMAS security uses the IOASE07 and IOASE32 IOA security modules, as well as the CTMSE08 Control‑M security module, when IOA and Control‑M security interfaces are installed. Therefore, to complete CTMAS security, only the required definitions are necessary.

1. Define entities and user authorizations to RACF.

   For details about entities and user authorizations, see the Protected Elements tables in CTMAS Basic Definition Security Calls, and in CTMAS Extended Definition Security Calls.

2. To authorize USERA (the user ID of the Control‑M/Enterprise Manager installer) access to a given CTMAS entity, use the following command:

   PERMIT $$ECSnnn.qname CLASS(FACILITY) ID(USERA) ACCESS(READ)

   where ECSnnn is the name of the CTMAS entity to be accessed.

3. Change USERA to the user ID of the CTMAS installer.

   All entity names for each CTMAS protected element are described in CTMAS Basic Definition Security Calls, for Basic Definition mode, and in CTMAS Extended Definition Security Calls, for Extended Definition mode.

4. Submit the job for execution.

   This job must be run under a user of a RACF administrator who has authorization to enter these RACF commands.

5. Scan the output of the job for information and error messages produced by RACF.

   Note: For samples of user authorizations, review members ECSSRAC3, IOASRAC3 and CTMSRAC3 in the IOA INSTWORK library.