Step 8.2 Security Definitions (Sample)

Define CTMAS security in the following steps.

CTMAS security uses the IOASE07 and IOASE32 IOA security modules, as well as the CTMSE08 Control‑M security module, when IOA and Control‑M security interfaces are installed. Therefore, to complete CTMAS security, only the required definitions are necessary.

1. Define a CTMAS started task

   Define a Logon ID for the CTMAS started task with a multi-user address space (MUSSAS) parameter.

2. Define entities and user authorizations to ACF2/SAF
   1. Edit member ECSSSAF2 in the IOA INSTWORK library. For details about entities and user authorizations, see CTMAS Basic Definition Security Calls, and CTMAS Extended Definition Security Calls.
   2. Authorize USERA (the user ID of the Control‑M installer) access to a given CTMAS entity, use the following command:

      SET RESOURCE(CMF)
      COMP
      $KEY($$ECSnnn.qname)
      UID(USERA) ALLOW

      where ECSnnn is the name of the CTMAS entity to be accessed.

   3. Change USERA to the UID string of the CTMAS installer.

      All entity names for each CTMAS protected element are described in CTMAS Basic Definition Security Calls, for Basic Definition mode, and in CTMAS Extended Definition Security Calls, for Extended Definition mode.

   For samples of user authorizations, review member ECSSSAF3 in the IOA INSTWORK library.

3. Submit the job

   Verify that all job steps complete with a condition code of zero.

   This job must be run under a user of an ACF2 administrator who is authorized to enter these ACF2 commands.

   Scan the output of the job for information and error messages produced by ACF2. All job steps must end with a condition code of 4 or less.