Programming Profile Selection for Dynamic Users

Dynamic user profiles are determined when the dynamic user logs on and are not determined by records in the ADMIN files.
tpxsm54
Dynamic user profiles are determined when the dynamic user logs on and are not determined by records in the ADMIN files.
For more information on dynamic users, see Administrating.
Methods of Profile Selection
If you are using RACF, SAF, CA ACF2, or CA Top Secret, you can use one of the following methods to determine which profiles are assigned to dynamic users:
Method of Profile Selection
Description
Specify a default profile in the SMRT.
You can specify a profile name in the Default Profile field of the System Options Table (SMRT). The profile specified in this field will be assigned to dynamic users when they sign on.
For procedures for modifying the SMRT, see Administrating.
Specify ADDPROFs in a Signon/Signoff user exit.
You can write a signon/signoff exit that uses ADDPROFs to assign profiles to dynamic users when they sign on. Dynamic users are sent to the Get Profile call point of the signon user exit.
For information on using the signon/signoff exit, see the section Setting Up User Exits.
Specify information in the security system to perform user-level or profile-level profile selection.
User-level selection
involves specifying information in the user record that will allow the security system to determine which profiles can be assigned to the user.
Profile-level selection
involves specifying rules in the security system that will allow the security system to determine which profiles can be assigned to which users.
Set Up User-level Profile Selection
User-level selection is implemented depending on which security system you are using. The following sections describe how to set up user-level profile selection depending on your security system.
Set Up User-level Profile Selection When Security System Is RACF or SAF
You can set up User-level Profile Selection when your Security System is RACF or SAF.
Follow these steps:
  1. Specify Y in the Load Profiles at Startup field of the System Options Table (SMRT).
  2. Specify USER in the Profile Selection field of the SMRT.
  3. Define a profile in CA TPX for each group name in the security system.
     Only group names for which application sessions need to be associated must be defined as profiles.
    In the profile, define the applications to be included in the user menu when the profile is selected. CA TPX will include profiles corresponding to the group names in the security system in the list of profiles assigned to the user each time the user logs on. 
    CA TPX can also identify profiles to be included in the user's profile list by an alias name for a profile. Specify the alias name in the Security Alias field of the profile. If the group name in the security system matches the alias name of the profile, the profile will be included in the list of profiles.
Set Up User-level Profile Selection When Security System Is CA ACF2
You can set up User-level Profile Selection when your Security System is CA ACF2.
Follow these steps:
  1. Specify Y in the Load Profiles at Startup field of the System Options Table (SMRT).
  2. Specify USER in the Profile Selection field of the SMRT.
  3. Turn on attribute bits in the user's LIDREC for each profile that you want to be included in the user's profile list.
  4. Specify the profile bits:
    • Determine the offset of the profile bits from the beginning of the LIDREC or MLID.
    • Specify this offset value in the CA ACF2 Authorization Offset field of the profile definition.
    • Specify the hex value of the bit in the CA ACF2 Authorization Mask field of the profile definition.
  5. Indicate the profile that should appear first in the user's list of profiles. Specify this by entering Y in the Profile Should be First field of the profile. This is done in Profile Maintenance in the product's administration.
Set Up User-level Profile Selection When Security System Is CA Top Secret
You can set up User-level Profile Selection when your Security System is CA Top Secret.
Follow these steps:
  1. Specify Y in the Load Profiles at Startup field of the System Options Table (SMRT).
  2. Specify USER in the Profile Selection field of the SMRT.
  3. Define INSTDATA for the profiles that you want to be included in the user's profile list. INSTDATA must have the following format:
    otherdata,TPX(profname,profname,profname...),otherdata
    The
    profname
    must be a one to eight character profile name. Separate each profile name by commas, and enclose the list in parentheses.
    If you specify a value in the Resource Class field of the SMRT, the product will search the INSTDATA for that value rather than TPX.
    The first profile in the INSTDATA list will appear first in the user's list of profiles.
Set Up Profile-level Profile Selection
Profile-level selection is implemented depending on which security system you are using. The following sections describe how to set up profile-level profile selection depending on your security system.
Set Up Profile-level Profile Selection When Security System Is RACF
You can set up Profile-level Profile Selection when your Security System is RACF.
Follow these steps:
  1. Specify Y in the Load Profiles at Startup field of the System Options Table (SMRT).
  2. Set up a new class in the RACF Class Descriptor Table, ICHRRCDE. Use the ICHERCDE macro to create this class.
  3. Activate the class with the SETROPTS CLASSACT command.
  4. Define the class to the application by specifying its name in the Resource Class field of the SMRT.
    If your site uses international languages, choose a resource class name that does not contain special characters.
  5. Set up a rule in the class for each profile, specifying which users can use that profile.
  6. Indicate the profile that should appear first in the user's list of profiles. Specify this by entering Y in the Profile Should be First field of the profile. This is done in Profile Maintenance in administration.
Set Up Profile-level Profile Selection When Security System Is SAF
You can set up Profile-level Profile Selection when your Security System is SAF.
Follow these steps:
  1. Specify Y in the Load Profiles at Startup field of the System Options Table (SMRT).
  2. Set up a new class in the RACF Class Descriptor Table, ICHRRCDE. Use the ICHERCDE macro to create this class.
  3. Define the class in the SAF Router Table, ICHRFR01. Use the ICHRFRTB macro to create this class.
  4. Activate the class with the SETROPTS CLASSACT command.
  5. Define the class to the product by specifying its name in the Resource Class field of the SMRT.
    If your site uses international languages, choose a resource class name that does not contain special characters.
  6. Set up a rule in the class for each profile, specifying which users can use that profile.
  7. Indicate the profile that should appear first in the user's list of profiles. Specify this by entering Y in the Profile Should be First field of the profile. This is done in Profile Maintenance in the product's administration.
Set Up Profile-level Profile Selection When Security System Is CA ACF2 or CA Top Secret
You can set up Profile-level Profile Selection when your Security System is CA ACF2 or CA Top Secret.
Follow these steps:
  1. Specify Y in the Load Profiles at Startup field of the System Options Table (SMRT).
  2. Set up a class of resource rules in your security system.
  3. Define the class to CA TPX by specifying its name in the Resource Class field of the SMRT.
    If your site uses international languages, choose a resource class name that does not contain special characters.
  4. Set up a rule in the class for each product profile, specifying which users can use that profile. Indicate the profile that should appear first in the user's list of profiles. Specify this by entering Y in the Profile Should be First field of the profile. This is done in Profile Maintenance in administration.