Changing a parameter definition member
You use an ESM other than RACF, CA-Top Secret, or CA-ACF2.
You have both CA-ACF2 and RACF installed at your site, but you want to use RACF. You must tell MainView to use RACF because CA-ACF2 is installed in such a way that it appears to be the preferred ESM.
Before you begin
Your user ID must be authorized to update the BBSECURE security parameter library for each CAS on each system image.
To change a parameter definition member
- On the COMMAND line of the SEPDEF view, type
EDITand press Enter to request an edit session.
- On the COMMAND line, type
CHAnge and press Enter. The Change Global Security Parameters dialog is displayed.
Change Global Security Parameters COMMAND ===> SCROLL ===> PAGE ESM Attributes: ESM Type AUTO Support EntityX YES TSS Priv Program STD Display TSS Msgs ALL Support DSType=M YES Display ACF2 Msgs ALL Sybsystem Identification: Subsys ID SSID Applid SSID ReqStor ASIS Session Type NONE End User Information: ESM Userid ACCEPT Default Userid NONE Programmer Name ALLOW GROUP Inherit ALLOW Accounting Info ALLOW --Default Value EXTERNAL Diagnostics and Trace: Security Traces OFF Restart (times) 3 Window Messages NONSAFE in (minutes) 60 END to exit saving changes CANCEL to exit without saving changes HELP to view related help RESET to reset to initial data
- To identify a specific ESM to the MainView security interface, specify one of the following values in the ESM Type field:
CA-ACF2 is your primary ESM.
RACF is your primary ESM. It is only necessary to specify RACF if you also have CA-ACF2 installed, but you want to use RACF.
CA-Top Secret is your primary ESM.
A generic SAF interface is in use, such as one that was developed in-house.
The default value of AUTO tells MainView to determine automatically which ESM is installed and active.
- If one of the following conditions exists, specify
IGNOREin the GROUP Inherit field:
You do not use the RACF List of Groups checking facility (SETROPTS NOGRPLIST is in effect)
You do not use the RACF List of Groups checking facility (SETROPTS NOGRPLIST is in effect) but you have non-homogenous GROUP IDENTs CONNECT to the same USER profile on different system images or on system images that do not share a common RACF data base, and you do not want all users' current CONNECT GROUP to be to be inherited from system where the user is using Information Manager
The GROUP IDENT of a USER is not inherited on the target system.
United States Department of Defense B1 security guidelines require that the GROUP Inherit value be ALLOW or UTKNONLY.
- Modify other default parameter values as necessary.
- When your changes are complete, press the END key. The SEPDEF view is redisplayed.
On the COMMAND line, type
SAVEand press Enter to save your parameter changes. The Save a Security Parameter Definition dialog is displayed.
At any time before you enter the
SAVEcommand, you can cancel your changes by entering
CANcel on the COMMAND line. The default security parameters are reinstated.
- (optional) In the Description field, update the existing description or specify a new description of up to 30 characters.
- Press the END key to save the parameter definition member. The member is saved in the BBSECURE security parameter library for the local CAS or, in a shared environment, for all CASs. The updated definition is activated the next time that the CAS is initialized or the system is IPLed.