For those of you who always laughed when I said read your HOLD(DOC) for
buried HOLD(ACTION) items. Here it is kids, so for those of you who
still ignore HOLD(DOC), keep telling yourselves that you're saving time
and I'm crazy for looking at HOLD(DOC).
++HOLD(UI43841) SYSTEM FMID(HSMA21A) REASON(DOC) DATE(17011)
COMMENT(
Perform the following RACF security steps,
or equivalent steps using your SAF product.
The SAMPLIB sample job, IZUCASEC contains these commented-out
RACF commands and is provided as an aid to perform these steps
if you choose to use it.
RDEFINE OPERCMDS MVS.MCSOPER.* UACC(NONE)
PERMIT MVS.MCSOPER.* CLASS(OPERCMDS) ID(IZUSVR) ACCESS(READ)
RDEFINE OPERCMDS (MVS.VARY.TCPIP.OBEYFILE) UACC(NONE)
PERMIT MVS.VARY.TCPIP.OBEYFILE ACCESS(CONTROL) CLASS(OPERCMDS)
ID(IZUSVR)
RDEFINE OPERCMDS (MVS.DISPLAY.*) UACC(NONE)
PERMIT MVS.DISPLAY.* CLASS(OPERCMDS) ID(IZUSVR) ACCESS(READ)
RDEFINE SERVAUTH EZB.NETSTAT.<mvsname>.<tcpprocname>.VIPADCFG
UACC(NONE)
PERMIT EZB.NETSTAT.<mvsname>.<tcpprocname>.VIPADCFG
CLASS(SERVAUTH) ID(IZUSVR) ACCESS(READ)
RDEFINE SERVAUTH EZB.NETWORKUTILS.CLOUD.<mvsname> UACC(NONE)
PERMIT EZB.NETWORKUTILS.CLOUD.<mvsname> CLASS(SERVAUTH)
ID(IZUSVR) ACCESS(READ)
Grant ALTER access to IZUSVR for the stack include and stack
dynamic update datasets if your system protects data sets with
SAF profiles. These are data sets you will create manually and
then reference in Configuration Assistant when you configure a
TCP/IP stack from the Systems tab in the Cloud perspective.
If the z/OS ROUTE command is protected by SAF, IZUSVR must have
READ access to the MVS.ROUTE.CMD.<system> SAF profile in the
OPERCMDS class.
**NOTE: <system> is the target MVS system name where
IBM Cloud Provisioning and Management for z/OS will provision
resources. e.g.
PERMIT MVS.ROUTE.CMD.<system> CLASS(OPERCMDS)
ID(IZUSVR) ACCESS(READ)
SETROPTS RACLIST(OPERCMDS,SERVAUTH) REFRESH
).
Regards,
Tom Conley
----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [email protected] with the message: INFO IBM-MAIN
