Limiting access to the products

By default, access to many product functions is unlimited.

To restrict product usage, you must take steps to protect the functions that you want to restrict.

Under most circumstances, you do not have to set security when initially installing the products. Therefore, you may want to defer setting security until you have reviewed the various security methods.

DELTA PLUS and DELTA PLUS VIRTUAL TERMINAL allow you to secure product features through either of the following methods:

  • User access profiles

    If you decide to secure product features through user access profiles, you must first establish administrator authority to create and change user access profiles. After you establish administrator authority for appropriate users, you can use UPF security to create and maintain user access profiles. For more information about establishing administrator authority and using UPF, see Implementing user access profiles and UPF security.

  • A System Authorization Facility (SAF) interface to RACF or an equivalent product

    For more information about securing product features through a SAF interface, see Implementing a SAF interface to RACF (or equivalent) product.

    Note

    If you are going to restrict access to product functions via the SAF security interface, you must define the ACTIVATE resource before SAF will activate. The ACTIVATE resource provides a method to quickly activate and deactivate the interface. Users must have READ access to the ACTIVATE resource to access the product main menu. You should not define the ACTIVATE resource until you define all other resources.

    Warning

    If your site is running ACF2 and you elect not to install the SAF security interface, you must add the following SAFDEF entry to your ACF2 parameters:

             FUNCRET(4) FUNCRSN(0) ID(product) MODE(IGNORE)
             RACROUTE(REQUEST=AUTH CLASS=prd#) RETCODE(4)

    Failure to add this SAFDEF entry may cause you to receive the following error message when attempting to perform any product function:

    BMCprdnnnnnn NOT AUTHORIZED TO USE product

    Adding this SAFDEF entry will ensure that your existing internal product security will be used. If you decide to use the SAF security interface at a later time, you must delete this SAFDEF entry from your ACF2 parameters.

  • TopSecret

    For more information about implementing TopSecret to secure product features, see Implementing TopSecret.

Unless you use one of these methods to control use of product features, access to the products and use of their features is effectively unlimited. The approaches to internal security are mutually exclusive.

The following table lists the internal security modules for DELTA PLUS and DELTA PLUS VIRTUAL TERMINAL. Depending on the type of security that you implement to limit access, link the appropriate module.

If you use

Link

Using DLPCNTL member

TSO userID access list

DLPYUID0

DLP#UIDL

RACF interface

DLPYRCN0

DLP#RSCL

SAF interface

DLPYSAF

DLP#SAF1



Was this page helpful? Yes No Submitting... Thank you

Comments