Skip to Content

Configuring CA-ACF2 security

You can use CA-ACF2 to secure XBM by defining resource rules for access to XBM functions.

Granting-user-authorizations-for-EXTENDED-BUFFER-MANAGER

To configure CA-ACF2 security

  1. Ensure that SAF is enabled on your MVS system.XBM issues a RACROUTE macro to SAF to determine whether a request can be approved.

  2. Update the INFODIR record as follows:

    CHANGE INFODIR TYPES(R-RFAC)
  3. Refresh the INFODIR record.

  4. Define resource rules to provide access authority to users of specific XBM actions and resources, by using the following format:

     $KEY(BMCXBM.ssid.action.object **********)TYPE(FAC)
    Warning

    Important

    The resource profile must be named BMCXBM.

    The variables represent the following values:

    • ssid represents the XBM subsystem ID.
    • action represents the XBM action.
    • object represents the XBM object or resource name.

    For more information about defining a resource profile, see RACF resource profiles.

  5. Rebuild the FAC resource rule by performing an initial program load (IPL) of MVS, or by issuing the following MVS MODIFY command:

    F ACF2,REBUILD(FAC)

    For more information about CA-ACF2, see the vendor-provided user documentation for that product.

 

Tip: For faster searching, add an asterisk to the end of your partial query. Example: cert*

SNAPSHOT UPGRADE FEATURE for DB2 6.2