Changing a parameter definition member

• You use an ESM other than RACF, CA-Top Secret, or CA-ACF2.

• You have both CA-ACF2 and RACF installed at your site, but you want to use RACF. You must tell MainView to use RACF because CA-ACF2 is installed in such a way that it appears to be the preferred ESM.
  
  

To change a parameter definition member

1. On the COMMAND line of the SEPDEF view, type EDIT and press Enter to request an edit session.
2. On the COMMAND line, type CHAnge and press Enter. The Change Global Security Parameters dialog is displayed.

                         Change Global Security Parameters
   COMMAND ===>                                                SCROLL ===> PAGE
   
   ESM Attributes:
    ESM Type         AUTO       Support EntityX YES
    TSS Priv Program STD        Display TSS Msgs ALL
    Support DSType=M YES        Display ACF2 Msgs ALL
   Sybsystem Identification:
    Subsys ID        SSID       Applid SSID
    ReqStor          ASIS       Session Type NONE
   End User Information:
    ESM Userid       ACCEPT     Default Userid NONE
    Programmer Name  ALLOW      GROUP Inherit ALLOW
    Accounting Info  ALLOW
    --Default Value  EXTERNAL
   Diagnostics and Trace:
    Security Traces  OFF        Restart (times) 3
    Window Messages  NONSAFE    in (minutes) 60
   
   END to exit saving changes
   CANCEL to exit without saving changes
   HELP to view related help
   RESET to reset to initial data

3. To identify a specific ESM to the MainView security interface, specify one of the following values in the ESM Type field:

   Value	Description
   ACF2	CA-ACF2 is your primary ESM.
   RACF	RACF is your primary ESM. It is only necessary to specify RACF if you also have CA-ACF2 installed, but you want to use RACF.
   TSS	CA-Top Secret is your primary ESM.
   SAF	A generic SAF interface is in use, such as one that was developed in-house.

   The default value of AUTO tells MainView to determine automatically which ESM is installed and active.

4. If one of the following conditions exists, specify IGNORE in the GROUP Inherit field:

   • You do not use the RACF List of Groups checking facility (SETROPTS NOGRPLIST is in effect)

   • You do not use the RACF List of Groups checking facility (SETROPTS NOGRPLIST is in effect) but you have non-homogenous GROUP IDENTs CONNECT to the same USER profile on different system images or on system images that do not share a common RACF data base, and you do not want all users' current CONNECT GROUP to be to be inherited from system where the user is using Information Manager

   The GROUP IDENT of a USER is not inherited on the target system.

   Note

   United States Department of Defense B1 security guidelines require that the GROUP Inherit value be ALLOW or UTKNONLY.

5. Modify other default parameter values as necessary.
6. When your changes are complete, press the END key. The SEPDEF view is redisplayed.

7. On the COMMAND line, type SAVE and press Enter to save your parameter changes. The Save a Security Parameter Definition dialog is displayed.

   Note

   At any time before you enter the SAVE command, you can cancel your changes by entering CANcel on the COMMAND line. The default security parameters are reinstated.

8. (optional) In the Description field, update the existing description or specify a new description of up to 30 characters.
9. Press the END key to save the parameter definition member. The member is saved in the BBSECURE security parameter library for the local CAS or, in a shared environment, for all CASs. The updated definition is activated the next time that the CAS is initialized or the system is IPLed.