Limiting access to the products
To restrict product usage, you must take steps to protect the functions that you want to restrict.
Under most circumstances, you do not have to set security when initially installing the products. Therefore, you may want to defer setting security until you have reviewed the various security methods.
DELTA PLUS and DELTA PLUS VIRTUAL TERMINAL allow you to secure product features through either of the following methods:
User access profiles
If you decide to secure product features through user access profiles, you must first establish administrator authority to create and change user access profiles. After you establish administrator authority for appropriate users, you can use UPF security to create and maintain user access profiles. For more information about establishing administrator authority and using UPF, see Implementing user access profiles and UPF security—DELTA PLUS and DELTA PLUS VIRTUAL TERMINAL customization.
A System Authorization Facility (SAF) interface to RACF or an equivalent product
For more information about securing product features through a SAF interface, see Implementing a SAF interface to RACF (or equivalent) product—DELTA PLUS and DELTA PLUS VIRTUAL TERMINAL customization.
Note
If you are going to restrict access to product functions via the SAF security interface, you must define the ACTIVATE resource before SAF will activate. The ACTIVATE resource provides a method to quickly activate and deactivate the interface. Users must have READ access to the ACTIVATE resource to access the product main menu. You should not define the ACTIVATE resource until you define all other resources.
Warning
If your site is running ACF2 and you elect not to install the SAF security interface, you must add the following SAFDEF entry to your ACF2 parameters:
FUNCRET(4) FUNCRSN(0) ID(product) MODE(IGNORE) RACROUTE(REQUEST=AUTH CLASS=prd#) RETCODE(4)
Failure to add this SAFDEF entry may cause you to receive the following error message when attempting to perform any product function:
BMCprdnnnnnn NOT AUTHORIZED TO USE product
Adding this SAFDEF entry will ensure that your existing internal product security will be used. If you decide to use the SAF security interface at a later time, you must delete this SAFDEF entry from your ACF2 parameters.
TopSecret
For more information about implementing TopSecret to secure product features, see Implementing TopSecret.
Unless you use one of these methods to control use of product features, access to the products and use of their features is effectively unlimited. The approaches to internal security are mutually exclusive.
The following table lists the internal security modules for DELTA PLUS and DELTA PLUS VIRTUAL TERMINAL. Depending on the type of security that you implement to limit access, link the appropriate module.
If you use | Link | Using DLPCNTL member |
---|---|---|
TSO userID access list | DLPYUID0 | DLP#UIDL |
RACF interface | DLPYRCN0 | DLP#RSCL |
SAF interface | DLPYSAF | DLP#SAF1 |
This section contains the following topics:
- Implementing user access profiles and UPF security—DELTA PLUS and DELTA PLUS VIRTUAL TERMINAL customization
- Implementing a SAF interface to RACF (or equivalent) product—DELTA PLUS and DELTA PLUS VIRTUAL TERMINAL customization
- Implementing TopSecret
Comments
Log in or register to comment.