×
 
 
  •  
$helper.renderConfluenceMacro('{bmc-global-announcement:$space.key}')
Common mainframe infrastructure 2018 release ... Administering Administering BMC Execution Component for z/OS (DBC)

DBC security

This section introduces security for DBC.

Consider the following requirements and features of DBC security:

  • DBC must meet the following UNIX requirements:

    • Write and execute access to the /tmp directory.

    • Update access to the FSACCESS (UNIX file system access check) resource class.

  • DBC must be authorized to create an Extended MCS Console.

  • DBC uses the standard System Authorization Facility (SAF) interface to communicate with an External Security Manager (ESM). DBC is compatible with ESMs that support the SAF interface (including CA Technologies CA ACF2 and CA Top Secret products).

    The DBC security interface is compatible with the IBM Resource Access Control Facility (RACF) Version 1.9 or later. DBC issues security calls directly to the SAF interface.

  • DBC does not require you to define resources (that is, internal control points) to an ESM. However, if the security parameter <ALLOW_SAF_RC4> is set to NO and no resource names have been defined, all DBC requests fail with an authorization error. If ALLOW_SAF_RC4 is set to NO, you must define DBC resource names so that access can be granted or denied as appropriate.

  • DBC security control points include commands that are issued from an IBM z/OS system console and from the IBM System Display and Search Facility (SDSF). The DBC subsystem command processor extracts the user ID from the ACEE that is associated with the console address space and propagates this value through the system. Appropriate ESM customization is required to allow operator authorization to DBC commands.

  • DBC stores its security parameters in the DBCSECUR data set.

    DBC security parameters are independent of all other DBC parameters. This physical separation allows the security administrator to implement independent and discrete access to the security parameters (DBCSECUR) and potentially more general access to the subsystem parameters (DBCPARMS).

For more information, see the following topics:

Related topic

Administering BMC Execution Component for z/OS (DBC)



Was this page helpful? Yes No Submitting... Thank you
Last modified by Mary Cameron on Jul 24, 2019
administration

Comments

Log in or register to comment.

Stopping the DBC subsystem
Controlling access to DBC resources
© Copyright 2013 - 2019 BMC Software, Inc.
Legal notices

Powered by Atlassian Confluence and Scroll Viewport

© Copyright 2005-2024 BMC Software, Inc. Use of this site signifies your acceptance of BMC’s Terms of Use . BMC, the BMC logo, and other BMC marks are assets of BMC Software, Inc. These trademarks are registered and may be registered in the U.S. and in other countries.