Previous Topic

Next Topic

Book Contents

Book Index
Step 4. ACF2 Security Definition Samples

Step 4.1 Control-O Security Definitions

Step 4.2 Function Security Definitions

Step 4.3 Control Program Access to Datasets

Select this step to edit member CTOSSAF2, CTOSSAF3, and CTOSSAF4 in the IOA INSTWORK library.

  1. Define Control‑O started tasks under ACF2.
    1. Define the Control‑O started tasks (CONTROLO and the Control‑O servers CTOSRVxx) as valid started tasks under ACF2.
    2. Add the multi-user address space (MUSSAS) parameter to the logon ID record that is created for the Control‑O started task.
  2. Associating users with Extended Definition Mode.
    1. Edit member CTOSSAF2 in the IOA INSTWORK library, add the following ACF2 commands to define the $$CTOEDM entity to ACF2/SAF, and authorize users to this entity.
    2. Define and authorize the entity $$CTOEDM.qname to ACF2 using the following commands:

      SET RESOURCE(CMF)
      COMP
      $KEY($$CTOEDM.qname)
      UID(USERA) ALLOW

  3. Define Entities and User Authorizations to CA‑ACF2/SAF

    For more information about entities and user authorizations, see Control-O Basic Definition Security Calls, and Control-O Extended Definition Security Calls.

To authorize USERA (the user ID of the Control‑O installer) access to a given Control‑O entity, use the following command:

SET RESOURCE(CMF)
COMP
$KEY($$CTOnnn.qname) TYPE(CMF)
UID(USERA) ALLOW

where qname is the name used to assign different authorizations to different Control‑O environments (such as Test and Production). This parameter is specified during IOA installation.

Change USERA to the UID string of the Control‑O installer.

All entity names for each Control‑O protected element appear in Control-O Basic Definition Security Calls for Basic Definition mode and Control-O Extended Definition Security Calls for Extended Definition mode.

For samples of user authorizations, review the CTOSSAF3 member in the IOA INSTWORK library.

  1. Submit the Job

    This job must be run under a user of an ACF2 administrator who has authorization to enter these ACF2 commands.

    Scan the output of the job for information and error messages produced by ACF2. All job steps must end with a condition code of 0.

Parent Topic

Implementing Control-O Security