Identifying the security class to your ESM
Use the appropriate procedure, as follows, to identify the security class for BMC II for z/OS resources (by default, $BOOLE) to your ESM.
To identify the security class (RACF users)
In your RACF Router Table, specify the following TSO command:ICHRFRTB CLASS=$BOOLE,
ACTION=RACF
ICHRFRTB TYPE=END
$BOOLE is the default security class name.
In your RACF Resource Class Descriptor Table, specify the following command:ICHERCDE CLASS=$BOOLE,
ID= ,
FIRST=ALPHA,
MAXLNTH=246,
OTHER=ANY,
OPER=NO,
POSIT=
- To activate the $BOOLE security class, enter the following RACF command:SETROPTS CLASSACT($BOOLE)
- To allow $BOOLE to use generic profiles, enter the following RACF command:SETROPTS GENERIC($BOOLE)
To identify the security class (CA-ACF2 users)
For CA-ACF2, use the following TSO commands to update the CLASMAP records with security class $BOOLE:ACF
SET Control(GSO)
INSERT CLASMAP.$BOOLE +
RESOURCE($BOOLE) +
RSRCTYPE(type) +
ENTITYLN(39) END
The variable type is a CA-ACF2 resource type code.
To identify the security class (CA-Top Secret users)
For CA-Top Secret, use the following TSS ADDTO command to update the resource definition table (RDT) with security class $BOOLE:TSSADDTO(RDT)RESCLASS($BOOLE)+
RESCODE(xx)ATTR(PRIVPGM,LONG,GENERIC)+
ACLST(NONE,READ,UPDATE,ALL)+
DEFACC(NONE)
xx is a two-digit hexadecimal resource code. The access-level information (ACLST and DEFACC) that is shown is only an example. You can choose your own access-level names and default access level.