Before you begin
Make sure that:
Your user ID is authorized to access the BBSECURE security parameter library for each CAS on each system image
Your ESM is properly configured for use with MainView windows-mode security, as described in Managing security for MainView products
To customize windows-mode security
- (optional) Modify the security parameters.
In most cases, the distributed parameter definition can determine which ESM is in use at your site without any input from you. You do not need to modify the default security parameters unless one of the following conditions exists:
You use an ESM other than RACF, CA-Top Secret, or CA-ACF2, such as one that was developed in-house.
You have both CA-ACF2 and RACF installed at your site, but you want to use RACF. You must tell MainView to use RACF because CA-ACF2 is installed in such a way that it appears to be the preferred ESM.
You do not use the RACF List of Groups checking facility (SETROPTS NOGRPLIST is in effect); or, you use the RACF List of Groups checking facility (SETROPTS GRPLIST is in effect) but you have non-homogenous GROUP IDENTs CONNECT to the same USER profile on different system images or on system images that do not share a common RACF data base, and you do not want for all users' current CONNECT GROUP to be to be inherited from the system where the user is using Information Manager.
To change the security parameters for any of these reasons, use the SEPDEF view, as described in Changing a parameter definition member.
- (optional) Modify the security class definition.
The default security class for resources in windows mode is $BBM. By default, $BBM is transformed (by use of a NEXT statement) to external resource class FACILITY, which is a predefined class for CA-ACF2, CA-Top Secret, and RACF. If you can use FACILITY as your security class, you do not need to modify the security class for windows-mode products.
If you want to use a security class other than FACILITY, use the SECDEF view, as described in Changing a class definition.
- Review the resource names for the common resources and product resources that you want to protect.
Every MainView widows-mode resource is defined in a resource definition. If you want to
Understand the naming convention for windows-mode resources, see Resource naming convention
Review a complete list of resource definitions and their corresponding entity names for each MainView product, see Security resource definitions listed by product
Determine the entity name for a particular view, see Security resource definitions listed by view
Review one or more resource definitions online, see Displaying a resource definition
- (optional) Modify the resource definitions.
For information about changing the security class, entity name, access intent, or log options of a resource definition, see Changing a resource definition.
- (optional) If you created any new parameter, class, or common resource definition members with a suffix other than 00, specify the new suffixes in the CASDEF view and reinitialize the CAS, as described in:
If you created any new product resource definition members with a suffix other than 00, specify the new suffixes in the TGTDEFD view and reinitialize the CAS and PAS that use them, as described in Activating a resource definition member.