Previous topic |
Next topic |
Contents |
Contact z/OS |
Library |
PDF
Granting access to RACF FACILITY class profiles Integrated Security Services Open Cryptographic Enhanced Plug-ins Application Programming SC14-7568-00 |
|||||||||||||
To use the services offered by OCEP, the user IDs that are associated with the daemon applications must be authorized to access RACF FACILITY class profiles. See Table 1 for a list of these FACILITY class profiles and the type of access that is required.
In addition, these user IDs must be authorized to access the CDS.* FACILITY class profiles that are required to access the OCSF Framework. To define these FACILITY class profiles, you would issue the following
RDEFINE commands:
Next, the user ID that is associated with the daemon or application
that will call OCEP must be authorized to use the new FACILITY class
profiles. For example, to permit the user ID G092799 to access these
class profiles, you would issue the following RACF PERMIT commands:
Depending on the specific requirements of the application, you may also need to authorize the daemon user ID to access other class profiles. For easier administration, you can also define a group for the user IDs that are associated with the applications that will use OCEP. This group can then be permitted to access the appropriate RACF FACILITY class profiles. Individual users can then be connected, as needed, to the group. For more information about how to define RACF groups and grant access to the FACILITY class profiles, see the z/OS Security Server RACF Command Language Reference and the z/OS Security Server RACF Security Administrator's Guide. For more information about the class authorizations that are required for OCSF, see z/OS Open Cryptographic Services Facility Application Programming. |
Copyright IBM Corporation 1990, 2014
|