Configuring CSFSERV Resource Profiles
Configure access to the CSFSERV resource profiles described in this section. Check with your security administrator before configuring these profiles to ensure that proper security is maintained.
About this task
Allow the CSFSERV resource profile access shown in Table 1.
Note: Before
you implement the access described in these profiles, review the profiles that are already in place
in your environment. Be mindful of any conflicts and potential security errors with other interfaces
that use these profiles. Adding specific profiles over generic profiles could effectively remove
access required by an existing user or application.
| Resource Profile | Web Services STC User ID | Administrator Who Executes the Panels | PAGENT User ID |
|---|---|---|---|
| CSFRNG | READ | READ | READ |
| CSF1SKD | READ | READ | |
| CSF1SKE | READ | READ | |
| CSF1TRC | READ | READ | |
| CSF1TRL | READ | READ | |
| CSFOWH | READ | READ | |
| CSF1GSK | READ | READ | |
| CSFIQA | READ | READ | READ |
| CSFRNGL | READ | READ | |
| CSF1HMG | READ | READ |
For
example:
PERMIT CSFRNG CLASS(CSFSERV) ID(user-ID) ACC(READ)
SETROPTS RACLIST(CSFSERV) REFRESHNote: If you create CSF.CSFSERV.AUTH.CSFOWH.DISABLE or
CSF.CSFSERV.AUTH.CSFRNG.DISABLE profiles in the XFACILIT class, the respective
SAF checks are disabled, even if the CSFSERV class profiles exist.
Special considerations for CHECKAUTH(YES)
The ICSF CHECKAUTH parameter specifies
whether ICSF performs security access control checking of Supervisor State or System Key callers.
(As described in Update SCHEDxx PARMLIB program properties, AZFSTCMN is in key 2.)
If the ICSF started task is started with CHECKAUTH(YES), allow access to the
CSFSERV resource profiles as shown in Table 2.
| Resource Profile | IBM® MFA Services Started Task User ID AZFSTC | Web Services STC User ID AZFWEB | TCPIP Started Task User ID |
|---|---|---|---|
| CSFDSG | READ | ||
| CSFDSV | READ | ||
| CSFOWH | READ | ||
| CSFRNG | READ | READ | |
| CSFRNGL | READ | READ | |
| CSF1DVK | READ | ||
| CSF1GAV | READ | ||
| CSF1GKP | READ | ||
| CSF1GSK | READ | ||
| CSF1HMG | READ | READ | |
| CSF1SKD | READ | READ | READ |
| CSF1SKE | READ | ||
| CSF1TRC | READ | ||
| CSF1TRD | READ | READ | READ |
| CSF1TRL | READ | READ | |
| CSFPKI | READ |