You must authorize the administrators who access the panel to set or
change the shared secret to the resource profiles. You must also authorize the user ID of the
IBM® MFA services started task to the
USER.TOKEN_NAME resource profile.
Procedure
-
Allow the access shown in Table 1:
Table 1. Required User Authorization
Resource Profile/Data Set |
Class |
Access |
SO.TOKEN_NAME |
CRYPTOZ |
CONTROL |
USER.TOKEN_NAME |
CRYPTOZ |
UPDATE |
CSFRNG |
CSFSERV |
READ |
CSF1TRL |
CSFSERV |
READ |
CSF1SKE |
CSFSERV |
READ |
CSF1GSK |
CSFSERV |
READ |
For
example:
PERMIT SO.token_name CLASS(CRYPTOZ) ID(user-ID) ACC(CONTROL)
PERMIT USER.token_name CLASS(CRYPTOZ) ID(user-ID) ACC(UPDATE)
PERMIT USER.token_name CLASS(CRYPTOZ) ID(AZFSTC) ACC(UPDATE)
SETROPTS RACLIST(CRYPTOZ) REFRESH
-
Verify the change.