Configuring CA-Top Secret security

You can use CA-Top Secret to secure

XBM

by defining resource profiles for access to 

XBM

functions.

To configure CA-Top Secret security

  1. Ensure that SAF is enabled on your MVS system.XBMissues a RACROUTE macro to SAF to determine if a request can be approved.

  2. Add the XBMresource profile BMCXBM and the XBM subsystem (indicated by the ssid):

    TSS ADD(departmentACID) IBMFAC(BMCXBM)
    TSS ADD(departmentACID) IBMFAC(<ssid>)

  3. Permit access to the XBMresource profile BMCXBM and the XBMsubsystem:

     TSS PER(userID or profile) IBMFAC(BMCXBM.<ssid>.<action>.<object>)
     ACCESS(Control or higher)
     TSS PER(userID or profile) IBMFAC(<ssid>) ACCESS(UPDATE)

    Resource profiles for XBMrequire the following form:

    BMCXBM.<ssid>.<action>.<object>

    The variables represent the following values:

    • ssid represents the XBMsubsystem ID.
    • action represents the XBMaction.
    • object represents the XBMobject or resource name.

    For more information about the XBMresource profile, including values for action and object, see RACF resource profiles. For more information about CA-Top Secret, see the vendor-provided user documentation for that product.

Related topic

Granting-user-authorizations-for-EXTENDED-BUFFER-MANAGER


 

Tip: For faster searching, add an asterisk to the end of your partial query. Example: cert*