Creating CA-ACF2 Facility Classes
The platform server uses CA-ACF2 facility classes to determine whether a user is authorized to perform certain platform server maintenance functions.
The platform server uses the following two types of facility classes to validate whether a user is authorized for a function:
Procedure
1. Create the REXX/ISPF inquiry and profile facility under CA-ACF2.
The GLOBAL BOSSID parameter, which is defined in GLOBAL Startup Parameters, defines a facility class that is used for authorization checking for:
If BOSSID=$FUSION:
- To define this facility under CA-ACF2, you can use the following commands:
ACF
? SET RULE
? COMPILE STORE
$KEY($FUSION) TYPE(FAC)
- To make a user a platform server ISPF/REXX administrator, give them READ authorization to the profile by using the following command:
UID(FUSADM) SERVICE(READ) ALLOW
- To make a user a platform server profile administrator, give them CONTROL authorization to the profile by using the following command:
UID(FUSADM) SERVICE(DELETE) ALLOW
- To complete the resource rule, enter the following command:
<ENTER>
? END
2. (Optional) Create a read-only REXX/ISPF inquiry and profile facility.
In addition to the processing defined in step 1, you can define an additional facility class to give ISPF users the authority to view but not update transfer requests. This facility adds the suffix .READ to the GLOBAL BOSSID parameter. When a TSO user has READ access to this facility class, the user can perform the following functions:
- View all transfers.
- Update only transfers where the transfer local user ID matches their TSO user ID.
If BOSSID=$FUSION:
- To define this facility under CA-ACF2, use the following command:
ACF
? SET RULE
? COMPILE STORE
$KEY($FUSION.READ) TYPE(FAC)
- To make a user a platform server ISPF/REXX administrator, give them READ authorization to the previous facility by using the following command:
UID(FUSADM) SERVICE(READ) ALLOW
- To complete the resource rule, enter the following command:
<ENTER>
? END
At this point, the platform server will also check facility class $FUSION.READ. If a user has access to this facility class, the user can read but not update transfer requests.
3. Create the Command Center facility classes.
Four GLOBAL parameters define the names of the facility classes that are used to determine if a user is authorized for Command Center functions.
See the following parameters defined in the GLOBAL member of the platform server SAMPLIB library. For more information, see GLOBAL Startup Parameters.
CCC_BROWSE_FACILITY=$CCC.BROWSE
CCC_ALTER_FACILITY=$CCC.ALTER
CCC_ADMIN_FACILITY=$CCC.ADMIN
CCC_TRANSFER_FACILITY=$CCC.TRANSFER
- To define these Command Center facilities under CA-ACF2, use the following commands:
ACF
? SET RULE
? COMPILE STORE
$KEY($CCC.BROWSE) TYPE(FAC)
$KEY($CCC.ALTER) TYPE(FAC)
$KEY($CCC.ADMIN) TYPE(FAC)
$KEY($CCC.TRANSFER) TYPE(FAC)
- Give the user appropriate rights using any of the following commands:
  - To make a Command Center user authorized for all Command Center functions, give them READ authorization to the facility defined by the CCC_ADMIN_FACILITY parameter:
    $KEY($CCC.ADMIN) TYPE(FAC) UID(userid) SERVICE(READ) ALLOW
  - To make a Command Center user authorized for inquiry on completed transfers, give them READ authorization to the facility defined by the CCC_BROWSE_FACILITY parameter:
    $KEY($CCC.BROWSE) TYPE(FAC) UID(userid) SERVICE(READ) ALLOW
  - To make a Command Center user authorized for altering transfers on the platform server queue, give them READ authorization to the facility defined by the CCC_ALTER_FACILITY parameter:
    $KEY($CCC.ALTER) TYPE(FAC) UID(userid) SERVICE(READ) ALLOW
  - To make a Command Center user authorized for initiating transfers, give them READ authorization to the facility defined by the CCC_TRANSFER_FACILITY parameter:
    $KEY($CCC.TRANSFER) TYPE(FAC) UID(userid) SERVICE(READ) ALLOW
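A review aid for the rules defined in this procedure, added here as an example and not part of the product documentation: it reads rule source written in the $KEY(...) TYPE(FAC) and UID(...) SERVICE(...) ALLOW form shown above and reports which platform server role each UID ends up with. The function names, the SENSITIVE set, and every UID other than FUSADM are assumptions made for illustration.

```python
import re

# Facility names are the values this page uses (BOSSID=$FUSION and the four
# CCC_* parameters); change them if your GLOBAL member differs.
ROLES = {
    ("$FUSION", "READ"): "ISPF/REXX administrator",
    ("$FUSION", "DELETE"): "profile administrator",
    ("$FUSION.READ", "READ"): "read-only ISPF/REXX access",
    ("$CCC.ADMIN", "READ"): "Command Center: all functions",
    ("$CCC.BROWSE", "READ"): "Command Center: inquiry on completed transfers",
    ("$CCC.ALTER", "READ"): "Command Center: alter queued transfers",
    ("$CCC.TRANSFER", "READ"): "Command Center: initiate transfers",
}
SENSITIVE = {"profile administrator", "Command Center: all functions"}  # assumption
KEY_RE = re.compile(r"\$KEY\(([^)]+)\)\s+TYPE\(FAC\)", re.I)
ENTRY_RE = re.compile(r"UID\(([^)]+)\)\s+SERVICE\(([^)]+)\)\s+ALLOW", re.I)

def roles_granted(rule_text):
    """Return {uid: sorted role names} for every ALLOW entry under a known $KEY."""
    grants, key = {}, None
    for line in rule_text.splitlines():
        k = KEY_RE.search(line)
        if k:
            key = k.group(1).upper()      # entries that follow belong to this facility
        e = ENTRY_RE.search(line)         # may sit on the same line as $KEY
        if not (e and key):
            continue                      # entries with no preceding $KEY are ignored
        for svc in e.group(2).upper().split(","):
            role = ROLES.get((key, svc.strip()))
            if role:
                grants.setdefault(e.group(1).upper(), set()).add(role)
    return {uid: sorted(roles) for uid, roles in grants.items()}

def needs_review(rule_text):
    """UIDs that hold a sensitive role or contain an ACF2 UID mask character (* or -)."""
    return sorted(uid for uid, roles in roles_granted(rule_text).items()
                  if SENSITIVE & set(roles) or "*" in uid or "-" in uid)

# Constructed sample; FUSADM is the page's example UID, the others are made up.
SAMPLE = """\
$KEY($FUSION) TYPE(FAC)
UID(FUSADM) SERVICE(READ) ALLOW
UID(FUSADM) SERVICE(DELETE) ALLOW
$KEY($FUSION.READ) TYPE(FAC)
UID(OPER01) SERVICE(READ) ALLOW
$KEY($CCC.ADMIN) TYPE(FAC) UID(OPS*) SERVICE(READ) ALLOW
$KEY($CCC.BROWSE) TYPE(FAC) UID(AUD-) SERVICE(READ) ALLOW
"""
```

Only the exact SERVICE values used on this page are mapped to roles; a masked UID is flagged because the entry applies to every user ID the mask matches.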
Copyright © Cloud Software Group, Inc. All rights reserved.