Application Performance Analyzer for z/OS, Version 11.1, Customization Guide

Parameters

STCID=stcid
SYSNAMES=system_name | SYSNAMES=(system_name,system_name,....)
DSN=output_dataset_name
CLASS=RACF_class

The CAZRACON utility will extract all the RACF profiles that contain the specified STCID prefix. From the extracted information, RACF RDEFINE commands are generated for defining the corresponding sysplex profiles. More specifically, for each extracted profile, new profiles are created with the system names replacing the STCID as the first qualifier. A profile is created for each sysname specified.

The FROM parameter is used on the RDEF command to copy the attributes of the old profile, including the authorization list.

Note:
Be aware that the RDEF command with the FROM parameter does not guarantee that the new profile is identical to the old profile, minor differences can occur. See the IBM z/OS Security Server RACF Command Language Reference, (SA22-7687), for details.

RACF RDELETE commands are also generated to delete the old profiles. The RDEL commands are written as comments. Remove the comment characters /* before you submit the job.

Depending on the sysplex installation, duplicate RDEF commands can be generated for a specific system name. This can happen when the utility is run for multiple Application Performance Analyzer instances in the sysplex, and two or more of the instances have common target systems. In this case, you must decide which RDEF commands best suit your sysplex environment. Additionally, you might need to alter the authorization lists.

Examples

Suppose the sysplex consists of two systems, SYSA and SYSB, with an Application Performance Analyzer instance on each system, CAZA and CAZB, respectively. Both systems are valid targets for both CAZA and CAZB.

The existing RACF profiles in the FACILITY class are:

CAZA.VIEW.USER123
CAZA.MEASURE.JOB.JOB123

CAZB.VIEW.USER123
CAZB.MEASURE.JOB.JOB123

When the CAZRACON utility is run for CAZA with the following command,

CAZRACON STCID=CAZA 
         SYSNAMES=(SYSA,SYSB) 
         CLASS=CAZCLASS 
         DSN=CAZA.COMMANDS

the following output is written to data set tsoprefix.CAZA.COMMANDS:

        (INSERT JOB CARD)                                   
//*                                                       
//* Create RACF Profiles for Sysplex security enhancements.    
//*                                                       
//TSO      EXEC PGM=IKJEFT01,DYNAMNBR=20                  
//SYSTSPRT DD  SYSOUT=*                                   
//SYSPRINT DD  SYSOUT=*                                   
//SYSUDUMP DD  SYSOUT=*                                   
//SYSTSIN  DD  *                                          
 RDEF CAZCLASS SYSA.VIEW.USER123 FROM(CAZA.VIEW.USER123) -
       FCLASS(FACILITY)    
 RDEF CAZCLASS SYSB.VIEW.USER123 FROM(CAZA.VIEW.USER123) -
       FCLASS(FACILITY)   
 
 RDEF CAZCLASS SYSA.MEASURE.JOB.JOB123 FROM(CAZA.MEASURE.JOB.JOB123) -
       FCLASS(FACILITY)    
 RDEF CAZCLASS SYSB.MEASURE.JOB.JOB123 FROM(CAZA.MEASURE.JOB.JOB123)-
       FCLASS(FACILITY)   

 /* RDEL FACILITY CAZA.VIEW.USER123
 /* RDEL FACILITY CAZA.MEASURE.JOB.JOB123
/*
//

When the utility is run for CAZB with the following command,

CAZRACON STCID=CAZB 
         SYSNAMES=(SYSA,SYSB) 
         CLASS=CAZCLASS
         DSN=CAZB.COMMANDS

the following output is written to data set tsoprefix.CAZB.COMMANDS:

        (INSERT JOB CARD)                                   
//*                                                       
//* Create RACF Profiles for Sysplex security enhancements.    
//*                                                       
//TSO      EXEC PGM=IKJEFT01,DYNAMNBR=20                  
//SYSTSPRT DD  SYSOUT=*                                   
//SYSPRINT DD  SYSOUT=*                                   
//SYSUDUMP DD  SYSOUT=*                                   
//SYSTSIN  DD  *                                          
 RDEF CAZCLASS SYSA.VIEW.USER123 FROM(CAZB.VIEW.USER123) -
       FCLASS(FACILITY)    
 RDEF CAZCLASS SYSB.VIEW.USER123 FROM(CAZB.VIEW.USER123) -
       FCLASS(FACILITY)   
 
 RDEF CAZCLASS SYSA.MEASURE.JOB.JOB123 FROM(CAZB.MEASURE.JOB.JOB123) -
       FCLASS(FACILITY)    
 RDEF CAZCLASS SYSB.MEASURE.JOB.JOB123 FROM(CAZB.MEASURE.JOB.JOB123)-
       FCLASS(FACILITY)   

 /* RDEL FACILITY CAZB.VIEW.USER123
 /* RDEL FACILITY CAZB.MEASURE.JOB.JOB123
/*
//

Notice that there are RDEF commands in each output data set for the same profiles from two different sources. If the source profiles have the same authorization lists, then either can be used; otherwise, you need to determine which commands to use and whether any changes to the authorization lists are required.




Rate this page

[ Top of Page | Previous Page | Next Page | Contents | Index ]