Configure SAF Authorization Using ACF2
Configure the SAF authorization of Topology user IDs in ACF2.

Required roles: systems programmer, security administrator

You can use ACF2 to configure SAF authorization for an existing Topology user ID. To control access based on the purpose of the user ID, grant the user ID access to the required SAF resources.

This section expects the user to be familiar with the ACF2 security manager. For more information about the available commands, see the ACF2 documentation at https://techdocs.broadcom.com/acf2.

Follow these steps:
- Grant the TPLSTC user ID READ access to the BPX.SERVER resource in the FACILITY class.
  Example:
    SET RESOURCE(FAC)
    RECKEY BPX ADD(SERVER USER(TPLSTC) ALLOW)
- Define a security resource class for the Topology API server.
  Example:
    SET CONTROL(GSO)
    INSERT CLASMAP.CA$TPL RESOURCE(CA$TPL) RSRCTYPE(TPL)
    CHANGE INFODIR ADD TYPES(D-RTPL)
  You have defined the CA$TPL class with the ACF2 three-letter code of TPL.
- After you define a new class, rebuild the internal ACF2 class tables by using the following system command:
    F ACF2,REFRESH(CLASMAP,INFODIR)
- Grant access to the Topology user interface to the user ID that requires this access. Currently, access to the user interface is verified only against the following resource in the class CA$TPL: TOPOLOGY.API.ACCESS.
  Example:
    SET RESOURCE(TPL)
    RECKEY TOPOLOGY ADD(API.ACCESS USER(TPLUSR) ALLOW)
- Restart the Topology API server for the change to take effect.

SAF is configured to authorize the user ID to access the Topology user interface.