Identifying the security class to your ESM

Use the appropriate procedure, as follows, to identify the security class for BMC II for z/OS resources (by default, $BOOLE) to your ESM.

To identify the security class (RACF users)

  1. In your RACF Router Table, specify the following TSO command:ICHRFRTB CLASS=$BOOLE,

    ACTION=RACF

    ICHRFRTB TYPE=END

    $BOOLE is the default security class name.

  2. In your RACF Resource Class Descriptor Table, specify the following command:ICHERCDE CLASS=$BOOLE,

    ID= ,

    FIRST=ALPHA,

    MAXLNTH=246,

    OTHER=ANY,

    OPER=NO,

    POSIT=

  3. To activate the $BOOLE security class, enter the following RACF command:SETROPTS CLASSACT($BOOLE)
  4. To allow $BOOLE to use generic profiles, enter the following RACF command:SETROPTS GENERIC($BOOLE)

To identify the security class (CA-ACF2 users)

For CA-ACF2, use the following TSO commands to update the CLASMAP records with security class $BOOLE:ACF

SET Control(GSO)

INSERT CLASMAP.$BOOLE +

RESOURCE($BOOLE) +

RSRCTYPE(type) +

ENTITYLN(39) END

The variable type is a CA-ACF2 resource type code.

To identify the security class (CA-Top Secret users)

For CA-Top Secret, use the following TSS ADDTO command to update the resource definition table (RDT) with security class $BOOLE:TSSADDTO(RDT)RESCLASS($BOOLE)+

RESCODE(xx)ATTR(PRIVPGM,LONG,GENERIC)+

ACLST(NONE,READ,UPDATE,ALL)+

DEFACC(NONE)

xx is a two-digit hexadecimal resource code. The access-level information (ACLST and DEFACC) that is shown is only an example. You can choose your own access-level names and default access level.

 

Tip: For faster searching, add an asterisk to the end of your partial query. Example: cert*