Authorize access to resource profiles for shared secret

Administrators who use the panel to set or change the shared secret must be authorized to the resource profiles. You must also authorize the user ID of the IBM® MFA services started task to the USER.TOKEN_NAME resource profile.

Procedure

  1. Allow the access shown in Table 1:
    Table 1. Required User Authorization

    Resource Profile/Data Set   Class     Access
    SO.TOKEN_NAME               CRYPTOZ   CONTROL
    USER.TOKEN_NAME             CRYPTOZ   UPDATE
    CSFRNG                      CSFSERV   READ
    CSF1TRL                     CSFSERV   READ
    CSF1SKE                     CSFSERV   READ
    CSF1GSK                     CSFSERV   READ

    For example:
    PERMIT SO.token_name CLASS(CRYPTOZ) ID(user-ID) ACC(CONTROL)
    PERMIT USER.token_name CLASS(CRYPTOZ) ID(user-ID) ACC(UPDATE)
    PERMIT USER.token_name CLASS(CRYPTOZ) ID(AZFSTC) ACC(UPDATE)
    SETROPTS RACLIST(CRYPTOZ) REFRESH
  2. Verify the change.
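
The example in step 1 covers only the CRYPTOZ rows of Table 1, and step 2 names no command. The following RACF commands are an added example, not part of the original procedure: they grant the CSFSERV rows and then list the access lists so the result can be checked. It assumes that the CSFSERV profiles already exist as discrete profiles, that the CSFSERV class is RACLISTed, and that user-ID (the page's placeholder) is the ID that needs these services.

```tso
/* Added example: CSFSERV rows of Table 1 (READ access).            */
/* Assumption: user-ID is the ID that calls these ICSF services;     */
/* repeat the PERMITs for any other ID your site requires.           */
PERMIT CSFRNG  CLASS(CSFSERV) ID(user-ID) ACC(READ)
PERMIT CSF1TRL CLASS(CSFSERV) ID(user-ID) ACC(READ)
PERMIT CSF1SKE CLASS(CSFSERV) ID(user-ID) ACC(READ)
PERMIT CSF1GSK CLASS(CSFSERV) ID(user-ID) ACC(READ)
SETROPTS RACLIST(CSFSERV) REFRESH

/* Step 2, verify: AUTHUSER prints each profile's access list.       */
/* Expect CONTROL on SO.token_name and UPDATE on USER.token_name     */
/* (including AZFSTC), and READ on each CSFSERV profile.             */
RLIST CRYPTOZ SO.token_name   AUTHUSER
RLIST CRYPTOZ USER.token_name AUTHUSER
RLIST CSFSERV CSFRNG  AUTHUSER
RLIST CSFSERV CSF1TRL AUTHUSER
RLIST CSFSERV CSF1SKE AUTHUSER
RLIST CSFSERV CSF1GSK AUTHUSER
```

In the RLIST output, also check the UACC of each profile: a universal access higher than NONE on the CRYPTOZ profiles would let IDs outside the access list reach the token that holds the shared secret.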