z/OS Cryptographic Services ICSF Application Programmer's Guide
Previous topic | Next topic | Contents | Index | Contact z/OS | Library | PDF


Authorization

z/OS Cryptographic Services ICSF Application Programmer's Guide
SA22-7522-16

Note:
Session and token objects require the same SAF authority.
Table 322. Authorization requirements for the token record create callable service
ActionSource object (Copy only)Token / Object being createdPKCS #11 role Authority required
Create or recreate tokenN/ATokenSO (UPDATE)
Create objectN/APublic object, except a CA certificateUSER (UPDATE) or SO (READ)
Create objectN/APrivate object, except a CA certificateUSER (UPDATE) or SO (CONTROL)
Create objectN/APublic CA certificate objectUSER (CONTROL) or SO (READ)
Create objectN/APrivate CA certificate objectUSER (CONTROL) or SO (CONTROL)
Copy objectPublic object, except a CA certificatePublic object, except a CA certificateUSER (UPDATE) or SO (READ)
Copy objectPublic object or private object, except a CA certificatePrivate object, except a CA certificateUSER (UPDATE) or SO (CONTROL)
Copy objectPrivate object, except a CA certificatePublic object, except a CA certificateUSER (UPDATE)
Copy objectPublic object, where source or target or both are CA certificate objectsPublic object, where source or target or both are CA certificate objectsUSER (CONTROL) or SO (READ)
Copy objectPublic object or private object, where source or target or both are CA certificate objectsPrivate object, where source or target or both are CA certificate objectsUSER (CONTROL) or SO (CONTROL) or both USER (UPDATE) and SO (READ)
Copy objectPrivate object, where source or target or both are CA certificate objectsPublic object, where source or target or both are CA certificate objectsUSER (CONTROL) or both USER (UPDATE) and SO (READ)
Note:

Go to the previous page Go to the next page

Notices | Terms of use | Support | Contact z/OS | zFavorites



Copyright IBM Corporation 1990, 2014