We just turned on 'External Security' for OPS, so that our RACF person can test it. We set the following parm values:
It seems to be working OK, but he had some additional questions.
- Can RACF SMF records be produced and ICH408I messages for violations displayed in the SYSLOG?
- What is the best way to trace the activity so I can see the resource names as we try out the different options? We have never setup external security for ops before and the "SAF Resource Names Table" in the manual does not correlate the profiles to the various options off the panels.
Try these recommendations:
- One method to determine the OPS/MVS functionality (mapped closely to the resource names) aligned to the OPSVIEW and automation activity is to turn on SEC events in the OPSLOG (parameter BROWSESEC). Then, perform or test a given functionality and observe the OPSLOG for the SEC events generated from performing the functionality.
- You can also turn on the DEBUGEXTSEC parameter to help testing. OPS9999T messages will be logged with what is being evaluated.