The CAZRACON utility will extract all the RACF profiles that contain the specified STCID prefix. From the extracted information, RACF RDEFINE commands are generated for defining the corresponding sysplex profiles. More specifically, for each extracted profile, new profiles are created with the system names replacing the STCID as the first qualifier. A profile is created for each sysname specified.
The FROM parameter is used on the RDEF command to copy the attributes of the old profile, including the authorization list.
RACF RDELETE commands are also generated to delete the old profiles. The RDEL commands are written as comments. Remove the comment characters /* before you submit the job.
Depending on the sysplex installation, duplicate RDEF commands can be generated for a specific system name. This can happen when the utility is run for multiple Application Performance Analyzer instances in the sysplex, and two or more of the instances have common target systems. In this case, you must decide which RDEF commands best suit your sysplex environment. Additionally, you might need to alter the authorization lists.
Suppose the sysplex consists of two systems, SYSA and SYSB, with an Application Performance Analyzer instance on each system, CAZA and CAZB, respectively. Both systems are valid targets for both CAZA and CAZB.
The existing RACF profiles in the FACILITY class are:
CAZA.VIEW.USER123
CAZA.MEASURE.JOB.JOB123
CAZB.VIEW.USER123
CAZB.MEASURE.JOB.JOB123
When the CAZRACON utility is run for CAZA with the following command,
CAZRACON STCID=CAZA
SYSNAMES=(SYSA,SYSB)
CLASS=CAZCLASS
DSN=CAZA.COMMANDS
the following output is written to data set tsoprefix.CAZA.COMMANDS:
(INSERT JOB CARD)
//*
//* Create RACF Profiles for Sysplex security enhancements.
//*
//TSO EXEC PGM=IKJEFT01,DYNAMNBR=20
//SYSTSPRT DD SYSOUT=*
//SYSPRINT DD SYSOUT=*
//SYSUDUMP DD SYSOUT=*
//SYSTSIN DD *
RDEF CAZCLASS SYSA.VIEW.USER123 FROM(CAZA.VIEW.USER123) -
FCLASS(FACILITY)
RDEF CAZCLASS SYSB.VIEW.USER123 FROM(CAZA.VIEW.USER123) -
FCLASS(FACILITY)
RDEF CAZCLASS SYSA.MEASURE.JOB.JOB123 FROM(CAZA.MEASURE.JOB.JOB123) -
FCLASS(FACILITY)
RDEF CAZCLASS SYSB.MEASURE.JOB.JOB123 FROM(CAZA.MEASURE.JOB.JOB123)-
FCLASS(FACILITY)
/* RDEL FACILITY CAZA.VIEW.USER123
/* RDEL FACILITY CAZA.MEASURE.JOB.JOB123
/*
//
When the utility is run for CAZB with the following command,
CAZRACON STCID=CAZB
SYSNAMES=(SYSA,SYSB)
CLASS=CAZCLASS
DSN=CAZB.COMMANDS
the following output is written to data set tsoprefix.CAZB.COMMANDS:
(INSERT JOB CARD)
//*
//* Create RACF Profiles for Sysplex security enhancements.
//*
//TSO EXEC PGM=IKJEFT01,DYNAMNBR=20
//SYSTSPRT DD SYSOUT=*
//SYSPRINT DD SYSOUT=*
//SYSUDUMP DD SYSOUT=*
//SYSTSIN DD *
RDEF CAZCLASS SYSA.VIEW.USER123 FROM(CAZB.VIEW.USER123) -
FCLASS(FACILITY)
RDEF CAZCLASS SYSB.VIEW.USER123 FROM(CAZB.VIEW.USER123) -
FCLASS(FACILITY)
RDEF CAZCLASS SYSA.MEASURE.JOB.JOB123 FROM(CAZB.MEASURE.JOB.JOB123) -
FCLASS(FACILITY)
RDEF CAZCLASS SYSB.MEASURE.JOB.JOB123 FROM(CAZB.MEASURE.JOB.JOB123)-
FCLASS(FACILITY)
/* RDEL FACILITY CAZB.VIEW.USER123
/* RDEL FACILITY CAZB.MEASURE.JOB.JOB123
/*
//
Notice that there are RDEF commands in each output data set for the same profiles from two different sources. If the source profiles have the same authorization lists, then either can be used; otherwise, you need to determine which commands to use and whether any changes to the authorization lists are required.
[ Top of Page | Previous Page | Next Page | Contents | Index ]