Configure SAF Authorization Using Top Secret
Configure the SAF authorization of Topology user IDs in Top Secret.

Required roles: systems programmer, security administrator
You can use ACF2 for z/OS to configure SAF authorization for an existing Topology user ID. To control access based on the purpose of the user ID, grant the user ID access to the required SAF resources.

This section expects the user to be familiar with the ACF2 for z/OS security manager. For more information about the available commands, see the ACF2 for z/OS documentation at https://techdocs.broadcom.com/topsecret.

Follow these steps:
- Grant the TPLSTC user ID READ access to the BPX.SERVER resource in the FACILITY class.
  Example:
  TSS PER(TPLPROF) IBMFAC(BPX.SERVER) ACCESS(READ)
- Define a security resource class for the Topology API server.
  Example:
  TSS ADDTO(RDT) RESCLASS(CA$TPL) MAXLEN(42) ACLST(ALL,CONTROL,UPDATE,READ,NONE) DEFACC(NONE)
  You have defined the CA$TPL class.
- Create security resources for the Topology API server. In ACF2 for z/OS, this is done by assigning the resource ownership. Currently, access to the UI verifies only the following resource in the class: TOPOLOGY.API.ACCESS.
  Example:
  TSS ADD(deptmnt) CA$TPL(TOPOLOGY)
- Grant access to the Topology user interface to the user ID that requires this access. In ACF2 for z/OS, you might want to create a common profile for all the users that access Topology. You can implement the following example by using the user ID (TPLUSR) either as a profile or as an ordinary user ID.
  Example:
  TSS PER(TPLUSR) CA$TPL(TOPOLOGY.API.ACCESS) ACCESS(READ)
  SAF is configured to authorize the user ID to access the Topology user interface.
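The following Python script is an added example, not part of the original page or of any Broadcom tooling. It reviews a TSS command deck against the settings used in the steps above: DEFACC(NONE) on the class, ownership assigned before any permit, resource names within MAXLEN, and READ-only permits. Both decks are constructed, and the four checks are assumptions of this example drawn from the page's commands, not a Top Secret feature.

```python
import re

# Constructed input: the four commands from the steps above, in the page's order.
PAGE_DECK = """\
TSS PER(TPLPROF) IBMFAC(BPX.SERVER) ACCESS(READ)
TSS ADDTO(RDT) RESCLASS(CA$TPL) MAXLEN(42) ACLST(ALL,CONTROL,UPDATE,READ,NONE) DEFACC(NONE)
TSS ADD(deptmnt) CA$TPL(TOPOLOGY)
TSS PER(TPLUSR) CA$TPL(TOPOLOGY.API.ACCESS) ACCESS(READ)
"""

# Constructed weak variant: open default access, no ownership step, broad permit.
WEAK_DECK = """\
TSS ADDTO(RDT) RESCLASS(CA$TPL) MAXLEN(8) ACLST(ALL,CONTROL,UPDATE,READ,NONE) DEFACC(READ)
TSS PER(TPLUSR) CA$TPL(TOPOLOGY.API.ACCESS) ACCESS(ALL)
"""

def operands(line):
    """Split 'TSS KEY(value) KEY(value) ...' into ordered (key, value) pairs."""
    return re.findall(r"([A-Z0-9$#@.]+)\(([^)]*)\)", line.upper())

def review(deck):
    """Return findings for a command deck; an empty list means it matches the page."""
    findings, maxlen, owned = [], {}, {}
    for n, line in enumerate(deck.splitlines(), 1):
        ops = operands(line)
        kw = dict(ops)
        if kw.get("ADDTO") == "RDT" and "RESCLASS" in kw:
            # Class definition: record MAXLEN and require deny-by-default.
            maxlen[kw["RESCLASS"]] = int(kw["MAXLEN"]) if "MAXLEN" in kw else None
            if kw.get("DEFACC") != "NONE":
                findings.append(f"line {n}: DEFACC({kw.get('DEFACC')}) is not NONE")
        elif "ADD" in kw:
            # Ownership assignment: remember owned prefixes per user-defined class.
            for cls, prefix in ops:
                if cls in maxlen:
                    owned.setdefault(cls, []).append(prefix)
        elif "PER" in kw:
            for cls, res in ops:
                if cls not in maxlen:
                    continue  # only classes defined in this deck are reviewed
                if not any(res.startswith(p) for p in owned.get(cls, [])):
                    findings.append(f"line {n}: {res} permitted before ownership is assigned")
                if maxlen[cls] is not None and len(res) > maxlen[cls]:
                    findings.append(f"line {n}: {res} exceeds MAXLEN({maxlen[cls]})")
                if kw.get("ACCESS") != "READ":
                    findings.append(f"line {n}: ACCESS({kw.get('ACCESS')}) is broader than READ")
    return findings

if __name__ == "__main__":
    for name, deck in (("page", PAGE_DECK), ("weak", WEAK_DECK)):
        print(name, review(deck) or "no findings")
```

The BPX.SERVER permit is parsed but not reviewed, because the FACILITY class is not defined by the deck itself.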