When using the Administration menu or issuing operator commands, a user’s user ID is validated against its classification level as defined for external security.
On z/OS, you use the System Authorization Facility (SAF) and a SAF-compliant package such as CA-ACF2, RACF, or CA-Top Secret to verify accesses to the Data Object Broker. Refer to External Security Interface–z/OS for information on how to define a user ID with a specific classification level.
The following table describes, in order of increasing authority, the user classification levels available for z/OS. Press PF11 in the Administration menu for a full listing of the accesses available based on user classification.
On Open Systems, you define user IDs to a specific classification via the PRIVILEGED, OPERATOR, and SYSADMIN Data Object Broker parameters. Refer to TIBCO Object Service Broker Parameters for details on how to define these parameters.
For implementation details about the external database servers, refer to the appropriate Service Gateway manual in the TIBCO Object Service Broker documentation.
Refer to TIBCO Object Service Broker for z/OS Installing and Operating or TIBCO Object Service Broker for Open Systems Installing and Operating for details on the Administration menu and operator commands.
Refer to TIBCO Object Service Broker for z/OS Utilities or TIBCO Object Service Broker for Open Systems Utilities for details about the utilities.
Refer to TIBCO Object Service Broker Parameters for details on how to define the SECUREADMIN parameter.
The z/OS security interface, System Authorization Facility (SAF), is used to verify accesses to the Data Object Broker. SAF is enabled by setting the SECUREADMIN Data Object Broker parameter to Y. By default this parameter is set to N (disabled). If security is enabled, a RACROUTE call is made to a SAF-compliant security package such as RACF, CA-ACF2, or CA-Top Secret.
where nodename refers to the Data Object Broker that contains the data to be accessed. Nodename is specified via the NODENAME Data Object Broker parameter.
Create these definitions for each Data Object Broker at your site that has the SECUREADMIN Data Object Broker parameter set to Y. The default access should be NONE; give READ access to the user ID being granted access at the specified level.
The following SAF parameters and values are defined for the RACROUTE macro. You must take these into consideration when defining the security definitions for your site:
Samples are provided with TIBCO Object Service Broker to assist you with preparing your security setup for your administration functions. Your preparation depends on the external security package in use at your site. The following table lists the samples that are shipped with the CNTL data set:
Refer to TIBCO Object Service Broker for z/OS Installing and Operating or TIBCO Object Service Broker for Open Systems Installing and Operating for details on the Administration menu and the operator commands.