
Add OMVS Segment to User IDs

When user IDs have an OMVS segment defined, they can issue any of the USS, TCP/IP, or CSM (Communications Storage Manager) commands.

Some USS commands, like UPROCESS, only display processes belonging to the USS UID and GID of a user.

To add an OMVS segment to user IDs, see the Security Requirement section in the HELPLIB member for the command.

Example: Help Command

Issue the following Help command to retrieve security requirements information for a specific USS, TCP/IP, or CSM command:

HELP UPROCESS

SAF Requirements

The following sections list SAF authorizations that are required for both the CA SYSVIEW address spaces and for individual user IDs. The SAF authorizations depend on what features and components are implemented at your site.

JESSPOOL Class

The JESSPOOL class is used to protect JES spool data from unauthorized access. If the JESSPOOL class is active in your external security product, the SYSLOG and OUTPUT commands make SAF calls in the JESSPOOL class for the resources shown.

JESSPOOL Class (if active)

FACILITY Class

Access is required to the following FACILITY class resources so you can:

FACILITY Class

LOGSTRM Class

The LOGSTRM class is used to secure access to MVS log streams.

LOGSTRM Class

OPERCMDS Class

The OPERCMDS class is used to secure access to MVS operator commands.

OPERCMDS Class

UNIXPRIV Class

The UNIXPRIV class is used to secure access to UNIX System Services (USS) commands.

UNIXPRIV Class

MQCONN Class

The MQCONN class is used to secure access to MQSeries connections.

MQCONN Class

MQQUEUE Class

The MQQUEUE class is used to secure access to MQSeries queues.

MQQUEUE Class

MQCMDS Class

The MQCMDS class is used to secure access to MQSeries commands.

MQCMDS Class

SERVAUTH Class

The SERVAUTH class is used to secure access to TCP/IP stacks.

Note: The VTAM start option, SNAMGMT, must be set to YES, so that the ISTMGCEH subtask will be attached to open the Network Management Interface.

SERVAUTH Class