Secure the CAACPROC STC Using RACF
This article describes how to secure the CAACCPROC STC using the RACF External Security Manager (ESM).
Required roles: systems programmer, security administrator, database administrator |
|---|
Follow these steps to secure the CAACCPROC STC using RACF:
- Define the CAACPROC STC to RACF with the PROTECTED attribute specified by the NOPASSWORD attribute. For example, the following RACF command defines the new CAACPROC STC user id:ADDUSER CAACPROC DFLTGRP(STCGROUP) OWNER(STCADMIN) NOPASSWORD
- Add a STARTED record for the STC user ID, and then add the NOPRIVILEGED and NOTRUSTED attributes to it. For example, these RACF commands define CAACPROC as the STC that also runs under the ACID of CAACPROC:RDEFINE STARTED CAACPROC.* UACC(NONE) STDATA(USER(CAACPROC) GROUP(STCGROUP)) RALTER STARTED CAACPROC.* STDATA(NOPRIVILEGED NOTRUSTED)Issue the following command as prompted:SETROPTS RACLIST(STARTED) REFRESH
- Add an OMVS segment to the new STC userid. For example, the following RACF command adds an OMVS segment to the CAACPROC user ID:ALU CAACPROC OMVS(UID(123) HOME(/) PROGRAM(/bin/sh))
The CAACCPROC STC is secured by your ESM.