Limiting access to ETA

This section describes the procedures for limiting access to ETA.

By default, access to many ETA functions is unlimited. To restrict product usage, you must take steps to protect the functions that you want to restrict.

Under most circumstances, you do not have to set security when initially installing ETA. Therefore, you may want to defer setting security until you have reviewed the various security methods.

ETA allows you to secure product features through either of the following methods:

  • User access profiles

    If you decide to secure product features through user access profiles, you must first establish administrator authority to create and change user access profiles. After you establish administrator authority for appropriate users, you can use UPF security to create and maintain user access profiles. For more information about establishing administrator authority and using UPF, see Implementing-user-access-profiles-and-UPF-security1.

  • A System Authorization Facility (SAF) interface to RACF or an equivalent product

    For more information about securing product features through a SAF interface, see Implementing-a-SAF-interface-to-RACF-or-equivalent-product1.

Note

If you are going to restrict access to product functions via the SAF security interface, you must define the ACTIVATE resource before SAF will activate. The ACTIVATE resource provides a method to quickly activate and deactivate the interface. Users must have READ access to the ACTIVATE resource to access the product main menu. You should not define the ACTIVATE resource until you define all other resources.

Warning

If your site is running ACF2 Version 1.6.0 or later and you elect not to install the SAF security interface, you must add the following SAFDEF entry to your ACF2 parameters:

         FUNCRET(4) FUNCRSN(0) ID(product) MODE(IGNORE)
         RACROUTE(REQUEST=AUTH CLASS=prd#) RETCODE(4)

Failure to add this SAFDEF entry may cause you to receive the following error message when attempting to perform any product function:

BMCprdnnnnnn NOT AUTHORIZED TO USE product

Adding this SAFDEF entry will ensure that your existing internal product security will be used. If you decide to use the SAF security interface at a later time, you must delete this SAFDEF entry from your ACF2 parameters.

Unless you use one of these methods to control use of product features, access to ETA and use of its features is effectively unlimited. The approaches to internal security are mutually exclusive.

 

Tip: For faster searching, add an asterisk to the end of your partial query. Example: cert*