Steps in using the Security Conversion Assist

About this task

Invoke the Security Conversion Assist by issuing the ISFACR command from any ISPF command line. The syntax of the command is as follows:
>>-+-----------------------------------+-----------------------><
   '-ISFACR--TRACE=--rexx-trace-option-'   

The ISFACR command displays a menu of steps that you select in sequence. The steps are:
  1. Define a profile. This step lets you specify such things as the ISFPARMS and RACF® commands data sets, the CLIST library, and RACF group names.
  2. Convert ISFPARMS to profile descriptions. This step analyzes the ISFPARMS source file and:
    1. If ISFPARMS is in statement format, creates a copy of it that is in assembler macro format in data set userid.PARMI.SDSF.
    2. Produces an intermediate output file for profile descriptions. The file is named in your profile. The profile descriptions contain, in plain text, the RACF profiles that are produced by Security Conversion Assist. To be sure the required profile descriptions are present, check the file that is created against the tables in SDSF resource names for SAF security. Profile descriptions are explained in detail in Profile descriptions.
    This step also checks the RACF database for the presence of the user IDs that are found in name tables (ISFNTBL/NTBL) in the ISFPARMS.

    A pop-up lets you run this step in the foreground or in batch.

  3. Review profile descriptions. This step allows you to study and modify the profile descriptions, to make sure that the proper RACF profiles are created in a subsequent step. Some profile descriptions may be marked with the word CHANGE; you may correct these in this step or wait and correct the generated RACF commands. Refer to Profile descriptions for more information.
  4. Convert profile descriptions to RACF commands. This step translates the profile descriptions into RACF commands and writes them to the data set specified in your profile. For each command that is in the process of being created, the procedure checks if the profile is already in the RACF database. If so, no command is generated.

    The Security Conversion Assist allows you to select a specific class for which RACF commands are to be generated. Specifying ALL causes commands for all classes to be generated.

    A pop-up lets you run this conversion in the foreground or in batch.

  5. Review RACF commands. Use this step to review the generated commands. See RACF commands for a discussion of what to look for.

    You may want to simply use the generated commands as a sample to help you understand RACF security. Or, after carefully reviewing and modifying the commands, you may want to issue them to provide RACF security.

If you run the Security Conversion Assist multiple times with the same prefix for generated group names, it creates commands to delete groups defined with the previous run. You specify the prefix in the profile, which is option 1 of the menu.
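As an aid for step 5 and for the rerun behavior described above, the following added example (not part of the Security Conversion Assist or of this documentation) scans a text copy of the generated RACF commands for group deletions and for leftover CHANGE markers before any command is issued. It assumes the file holds one TSO command per logical line with `-` or `+` continuation, that group deletions appear as DELGROUP (or DG), and that the word CHANGE carries over from the profile descriptions; the sample commands and names are constructed.

```python
import re

# Constructed sample standing in for the generated RACF commands data set;
# the group, user and resource names are invented for illustration.
SAMPLE = """\
DELGROUP SDSFG1
ADDGROUP SDSFG1 SUPGROUP(SYS1)
RDEFINE SDSF ISFCMD.** UACC(NONE)
PERMIT ISFCMD.** CLASS(SDSF) -
       ID(CHANGE) ACCESS(READ)
CONNECT USER01 GROUP(SDSFG1)
"""

GROUP_DELETE_VERBS = {"DELGROUP", "DG"}    # RACF delete-group command and abbreviation
CHANGE_MARKER = re.compile(r"\bCHANGE\b")  # assumed to carry over from profile descriptions


def logical_commands(text):
    """Yield (first_line_number, command) with TSO continuation lines joined."""
    parts, start = [], None
    for number, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line and not parts:
            continue                       # blank line between commands
        if start is None:
            start = number
        if line.endswith(("-", "+")):      # TSO continuation character
            parts.append(line[:-1].strip())
            continue
        parts.append(line)
        yield start, " ".join(p for p in parts if p)
        parts, start = [], None
    if parts:                              # file ended on a continuation line
        yield start, " ".join(p for p in parts if p)


def review(text):
    """Return (line_number, finding, command) for commands needing a decision."""
    findings = []
    for number, command in logical_commands(text):
        upper = command.upper()
        words = upper.split()
        if words and words[0] in GROUP_DELETE_VERBS:
            findings.append((number, "group-delete", command))
        if CHANGE_MARKER.search(upper):
            findings.append((number, "change-marker", command))
    return findings


if __name__ == "__main__":
    for number, finding, command in review(SAMPLE):
        print(f"line {number}: {finding}: {command}")
```

Each finding is a command to resolve by hand: confirm that a flagged group deletion is intended, and replace every CHANGE marker with a real value.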