Analyzer SYSTEM security

HZASANP2 in the PARMLIB defines the system security settings for running the Analyzer.

The following system security settings are defined:

***********************************************************************
* ZAO Analyzer on-line mode settings for z/OS SYSTEM security         *
*                                                                     * 
***********************************************************************
* SECURITY=SYSTEM - HTTPS (SSL encrypted) communications              *
*                     with z/OS system security (SAF/RACF).           *
*                     Refer to HZASANS1/2/3 in JCLLIB for sample JCL  *
*                     to define RACF profiles/certificates.           *
*                                                                     *
***********************************************************************
SECURITY = SYSTEM                                                      
                                                                       
***********************************************************************
* The following settings are only applicable for                      *
* SECURITY=SYSTEM:                                                    *
*                                                                     *
*   AUTH_HLQ         defines SAF/RACF profile high level qualifier    *
*                                                                     *
*   AUTH_UPPERCASE=Y Analyzer will uppercase passwords when           *
*                    invoking SAF/RACF password authentication.       *
*                    When password phrase support has been            *
*                    enabled AUTH_UPPERCASE=Y has no effect, and      *
*                    mixed case is used.                              *
*   AUTH_UPPERCASE=N Analyzer will pass through mixed case passwords  *
*                    when invoking SAF/RACF password authentication   *
*                                                                     *
*   GSK_KEYRING_FILE defines SAF/RACF Keyring name of SSL Certificate *
*   GSK_KEY_LABEL    defines SAF/RACF Label   name of SSL Certificate *
*   GSK_....         defines optional z/OS SSL environment variables. *
*                    The z/OS Cryptographic Services Secure Sockets   *
*                    Layer Programming manual explains the            *
*                    environment variables.                           *
*                    For example, define GSK_HW_CRYPTO = 32           *
*                    for SHA-256 digest generation.                   *
*                                                                     *
* JCLLIB(HZASANS1) contains sample JCL to define RACF profiles, using *
* a high level qualifier of 'ZAO'. If you have changed HZASANS1,    *
* you may also need to change the AUTH_HLQ TPARAM setting.            *
*                                                                     *
* JCLLIB(HZASANS2/3) contains sample JCL to define RACF SSL           *
* Certificates.  If you have changed HZASANS2/3, you may also need to *
* change the GSK_KEYRING_FILE and GSK_KEY_LABEL TPARAM settings.      *
*                                                                     *
***********************************************************************
AUTH_HLQ         = ZAO                                               
AUTH_UPPERCASE   = Y                                                   
GSK_KEYRING_FILE = ZAO_KEYRING                                        
GSK_KEY_LABEL    = ZAOCERT                                          

HZASANS1 in the JCLLIB has sample JCL to define RACF® security profiles.

Note: The RACF® ID can be an existing RACF® group (to which user IDs have been connected), existing RACF® user IDs, or both.

If your z/OS® system has been set up to use a third-party alternative to RACF®, you must define comparable settings in your third-party security product.

/*--------------------------------------------------------------*/
/* ZAO ANALYZER DATABASE PROFILES                               */
/*--------------------------------------------------------------*/
 RDELETE FACILITY  ZAO.DB.AU*                                   
 RDEFINE FACILITY  ZAO.DB.AU*          UACC(NONE)               
 PERMIT            ZAO.DB.AU*          ACCESS(READ) -           
   CLASS(FACILITY) ID(ZAOADM,ZAOUSR,AUID001)                  
                                                                  
 RDELETE FACILITY  ZAO.DB.*                                     
 RDEFINE FACILITY  ZAO.DB.*            UACC(NONE)               
 PERMIT            ZAO.DB.*            ACCESS(READ) -           
   CLASS(FACILITY) ID(ZAOADM,ZAOUSR)                          
 PERMIT            ZAO.DB.*            ACCESS(NONE) -           
   CLASS(FACILITY) ID(AUID001)                                    
/*--------------------------------------------------------------*/
/* ZAO ANALYZER MENU PROFILES                                   */
/*--------------------------------------------------------------*/
 RDELETE FACILITY  ZAO.MENU.ASSET                              
 RDEFINE FACILITY  ZAO.MENU.ASSET      UACC(NONE)              
 PERMIT            ZAO.MENU.ASSET      ACCESS(READ) -          
   CLASS(FACILITY) ID(ZAOADM,ZAOUSR,AUID001)                 
                                                                 
 RDELETE FACILITY  ZAO.MENU.DISC                               
 RDEFINE FACILITY  ZAO.MENU.DISC       UACC(NONE)              
 PERMIT            ZAO.MENU.DISC       ACCESS(READ) -          
   CLASS(FACILITY) ID(ZAOADM,ZAOUSR)                         
                                                                 
 RDELETE FACILITY  ZAO.MENU.ADMIN                              
 RDEFINE FACILITY  ZAO.MENU.ADMIN      UACC(NONE)              
 PERMIT            ZAO.MENU.ADMIN      ACCESS(READ) -          
   CLASS(FACILITY) ID(ZAOADM)                                  
                                                                     
 RDELETE FACILITY  ZAO.MENU.ADMIN.LIB_CLASSIFICATION               
 RDEFINE FACILITY  ZAO.MENU.ADMIN.LIB_CLASSIFICATION UACC(NONE)    
 PERMIT            ZAO.MENU.ADMIN.LIB_CLASSIFICATION ACCESS(READ) -
   CLASS(FACILITY) ID(ZAOADM)                                      
                                                                     
 RDELETE FACILITY  ZAO.MENU.CUSTOM                                 
 RDEFINE FACILITY  ZAO.MENU.CUSTOM     UACC(NONE)                  
 PERMIT            ZAO.MENU.CUSTOM     ACCESS(READ) -              
   CLASS(FACILITY) ID(ZAOADM,ZAOUSR)                             
                                                                     
  SETROPTS RACLIST(FACILITY) REFRESH
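
The comments in HZASANP2 note that a changed HZASANS1 may also require a changed AUTH_HLQ. The Python sketch below is an added example, not part of the product or its sample libraries; it checks copies of both members for that mismatch, for missing AUTH_/GSK_ settings, and for profiles not defined with UACC(NONE). The function names and the abridged sample text are assumptions, and it expects each RDEFINE and its UACC on one line, as in the listing above.

```python
import re

# Constructed sample input, abridged from the two listings on this page.
PARMLIB = """\
* sample comment line
SECURITY         = SYSTEM
AUTH_HLQ         = ZAO
GSK_KEYRING_FILE = ZAO_KEYRING
GSK_KEY_LABEL    = ZAOCERT
"""
RACF_JCL = """\
 RDEFINE FACILITY  ZAO.DB.*            UACC(NONE)
 PERMIT            ZAO.DB.*            ACCESS(READ) -
   CLASS(FACILITY) ID(ZAOADM,ZAOUSR)
 RDEFINE FACILITY  ZAO.MENU.ADMIN      UACC(NONE)
"""
REQUIRED = ("AUTH_HLQ", "GSK_KEYRING_FILE", "GSK_KEY_LABEL")
RDEFINE = re.compile(r"^\s*RDEFINE\s+FACILITY\s+(\S+)(?:\s+UACC\((\w+)\))?", re.M)


def parse_tparams(text):
    """Return {KEY: value} from 'KEY = value' lines, skipping '*' comments."""
    params = {}
    for line in text.splitlines():
        if line.lstrip().startswith("*") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        params[key.strip().upper()] = value.strip()
    return params


def audit(parmlib, racf_jcl):
    """List mismatches between the TPARAM settings and the RDEFINE commands."""
    params = parse_tparams(parmlib)
    if params.get("SECURITY") != "SYSTEM":
        return ["SECURITY is not SYSTEM, so the AUTH_/GSK_ settings do not apply"]
    findings = [f"{key} is not set" for key in REQUIRED if not params.get(key)]
    hlq = params.get("AUTH_HLQ", "")
    for profile, uacc in RDEFINE.findall(racf_jcl):
        if profile.split(".")[0] != hlq:
            findings.append(f"{profile}: qualifier differs from AUTH_HLQ={hlq}")
        if uacc != "NONE":
            findings.append(f"{profile}: UACC is {uacc or 'not given'}, not NONE")
    return findings


if __name__ == "__main__":
    for finding in audit(PARMLIB, RACF_JCL) or ["no findings"]:
        print(finding)
```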