This task defines the authorization required by the Application Performance Analyzer Listener to invoke RACF digital certificate commands (RACDCERT) to manage digital certificates.
In the previous section, 'Define the AT-TLS Policy Rules', an AT-TLS rule called APAListener was defined. It specified the owner of the rule to be any started task whose job name begins with "LI" (that is, the Application Performance Analyzer Listener started task). AT-TLS uses the user ID associated with the Application Performance Analyzer Listener started task to invoke RACDCERT commands, so that user ID must be granted authority to the IRR.DIGTCERT.function resource in the FACILITY class.
In the example below, START2 is the user ID that has been associated with the Application Performance Analyzer Listener started task during the customization of the Application Performance Analyzer Listener. You must replace START2 in the following example with the Application Performance Analyzer Listener user ID defined at your installation.
//RACDCERT EXEC PGM=IKJEFT01
//SYSTSPRT DD SYSOUT=*
//SYSUADS DD DSN=SYS1.UADS,DISP=SHR
//SYSLBC DD DSN=SYS1.BRODCAST,DISP=SHR
//SYSTSIN DD *
SETROPTS CLASSACT(DIGTCERT DIGTRING DIGTNMAP)
RDEFINE FACILITY IRR.DIGTCERT.LIST UACC(NONE)
RDEFINE FACILITY IRR.DIGTCERT.LISTRING UACC(NONE)
RDEFINE FACILITY IRR.DIGTCERT.GENCERT UACC(NONE)
PERMIT IRR.DIGTCERT.LIST CLASS(FACILITY) ID(START2) ACCESS(CONTROL)
PERMIT IRR.DIGTCERT.LISTRING CLASS(FACILITY) ID(START2) ACCESS(CONTROL)
PERMIT IRR.DIGTCERT.GENCERT CLASS(FACILITY) ID(START2) ACCESS(CONTROL)
SETROPTS RACLIST (DIGTCERT) REFRESH
SETROPTS RACLIST (DIGTRING) REFRESH
SETROPTS RACLIST (DIGTNMAP) REFRESH
SETROPTS RACLIST (FACILITY) REFRESH
//
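The following pre-submission check is an added example, not part of the product documentation or IBM's code. It reads the SYSTSIN commands above and reports any profile defined with a UACC other than NONE, any PERMIT that names a user ID other than your Listener user ID (including a START2 left unreplaced), and any PERMIT that is not followed by a refresh of its class. The function name review_deck and the user ID APALSTN are hypothetical.

```python
import re

# Constructed sample: the RACF commands from this page, START2 not yet replaced.
SAMPLE_DECK = """\
SETROPTS CLASSACT(DIGTCERT DIGTRING DIGTNMAP)
RDEFINE FACILITY IRR.DIGTCERT.LIST UACC(NONE)
RDEFINE FACILITY IRR.DIGTCERT.LISTRING UACC(NONE)
RDEFINE FACILITY IRR.DIGTCERT.GENCERT UACC(NONE)
PERMIT IRR.DIGTCERT.LIST CLASS(FACILITY) ID(START2) ACCESS(CONTROL)
PERMIT IRR.DIGTCERT.LISTRING CLASS(FACILITY) ID(START2) ACCESS(CONTROL)
PERMIT IRR.DIGTCERT.GENCERT CLASS(FACILITY) ID(START2) ACCESS(CONTROL)
SETROPTS RACLIST (FACILITY) REFRESH
"""

RDEFINE = re.compile(r"RDEFINE\s+(\w+)\s+(\S+)\s+UACC\s*\((\w+)\)", re.I)
PERMIT = re.compile(r"PERMIT\s+(\S+)\s+CLASS\s*\((\w+)\)\s+ID\s*\(([^)]*)\)", re.I)
REFRESH = re.compile(r"SETROPTS\s+RACLIST\s*\((\w+)\)\s+REFRESH", re.I)


def review_deck(deck, listener_id):
    """Return findings for a SYSTSIN deck; listener_id is the site's Listener user ID."""
    findings, defined, pending = [], set(), set()
    for raw in deck.splitlines():
        line = raw.strip().upper()
        if m := RDEFINE.match(line):
            cls, profile, uacc = m.groups()
            defined.add((cls, profile))
            if uacc != "NONE":
                findings.append(f"{profile}: UACC({uacc}) grants access to every user")
        elif m := PERMIT.match(line):
            profile, cls, ids = m.groups()
            pending.add(cls)  # change is not active until the class is refreshed
            if (cls, profile) not in defined:
                findings.append(f"{profile}: PERMIT without RDEFINE in this deck")
            for uid in re.split(r"[\s,]+", ids.strip()):
                if uid and uid != listener_id.upper():
                    findings.append(f"{profile}: access granted to {uid}, expected {listener_id}")
        elif m := REFRESH.match(line):
            pending.discard(m.group(1))
    findings += [f"{cls}: no SETROPTS RACLIST REFRESH after the last PERMIT" for cls in sorted(pending)]
    return findings


if __name__ == "__main__":
    # APALSTN is a hypothetical Listener user ID; substitute your installation's.
    for finding in review_deck(SAMPLE_DECK, "APALSTN"):
        print(finding)
```

A profile that already exists outside the deck is reported as "PERMIT without RDEFINE"; treat that finding as a prompt to confirm the existing profile's UACC before submitting.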