External Security Definitions for Modeled Users

12-1
Define Resources in
CA ACF2
To define and activate the resources in
CA ACF2
, issue the following commands in TSO:
[ACF] SET RESOURCE(FAC) COMPILE * $KEY(NETMASTR) TYPE(FAC) ADMIN UID(USER1) SERVICE(READ) ALLOW OPER  UID(USER2) SERVICE(READ) ALLOW NOPER UID(USER3) SERVICE(READ) ALLOW MON   UID(*)     SERVICE(READ) ALLOW STORE [END]
Give background users administrator privileges.
 Instead of using TSO, you can use the ACFBATCH utility in JCL. If you use the utility, omit the [ACF] and [END] lines.
Define Resources in
CA Top Secret
To define and activate the resources in
CA Top Secret
, issue the following commands in TSO:
TSS  ADD(dept)     IBMFAC(NETMASTR) TSS  PER(USER1)    IBMFAC(NETMASTR.ADMIN) TSS  PER(USER2)    IBMFAC(NETMASTR.OPER) TSS  PER(USER3)    IBMFAC(NETMASTR.NOPER) TSS  PER(USERPROF) IBMFAC(NETMASTR.MON)
Give background users administrator privileges.
Define Resources in RACF
You define the resources and authorize users to access them.
Follow these steps:
  1. Issue the following RACF commands:
    RDEFINE FACILITY NETMASTR.ADMIN UACC(NONE) RDEFINE FACILITY NETMASTR.OPER  UACC(NONE) RDEFINE FACILITY NETMASTR.NOPER UACC(NONE) RDEFINE FACILITY NETMASTR.MON   UACC(READ) (see note) SETROPTS RACLIST(FACILITY) REFRESH
     If you do
    not
    want to allow general browse access, specify:
    RDEFINE FACILITY NETMASTR.MON   UACC(NONE)
  2. To connect users to the resources, issue PERMIT commands, for example:
    PERMIT NETMASTR.ADMIN  CLASS(FACILITY)  ID(USER1) PERMIT NETMASTR.NOPER  CLASS(FACILITY)  ID(USER2)
Give background users administrator privileges.
 The default access is READ, which is sufficient.