Top Secret Liberty Server / GUI to GDPS Metro product. RACF Command conversion
Article ID: 76389
Products
Top Secret
Issue/Introduction
RACF commands converted to Top Secret for setting up the Liberty Server. The Liberty Server is used in the setup of z/OS CONNECT and other applications and products.
RACF commands converted to Top Secret for setting up the GUI to our GDPS Metro product.
Environment
Release: TOPSEC00200-15.0-Top Secret-Security Component:
Resolution
RDEL STARTED BAQSTRT*
RDEL STARTED BAQANGL*

The above statements DELETE RACF profiles belonging to classes specified in the class descriptor table. Unless you have used these resources before, they probably do not exist. The Top Secret equivalent is:

TSS REMOVE(RDT) RESCLASS(BAQSTRT)
TSS REMOVE(RDT) RESCLASS(BAQANGL)

/* Add required RACF GROUPS */
ADDGROUP LIBGRP OMVS(AUTOGID) OWNER(SYS1) SUPGROUP(SYS1)
ADDGROUP GADMIN OMVS(AUTOGID) OWNER(SYS1) SUPGROUP(SYS1)
ADDGROUP GOPER OMVS(AUTOGID) OWNER(SYS1) SUPGROUP(SYS1)
ADDGROUP GINVOKE OMVS(AUTOGID) OWNER(SYS1) SUPGROUP(SYS1)
ADDGROUP GREAD OMVS(AUTOGID) OWNER(SYS1) SUPGROUP(SYS1)

The above commands and future commands assume that you are using AUTOUID and AUTOGID. If you are not using AUTOUID or AUTOGID, then you will have to give each a value.

TSS CREATE(LIBGRP) TYPE(GROUP) NAME('LIBERTY GROUP') DEPT(dept)
TSS CREATE(GADMIN) TYPE(GROUP) NAME('GADMIN GROUP') DEPT(dept)
TSS CREATE(GOPER) TYPE(GROUP) NAME('GOPER GROUP') DEPT(dept)
TSS CREATE(GINVOKE) TYPE(GROUP) NAME('GINVOKE GROUP') DEPT(dept)
TSS CREATE(GREAD) TYPE(GROUP) NAME('GREAD GROUP') DEPT(dept)

/* Add required RACF USERS */
ADDUSER LIBANGE DFLTGRP(LIBGRP) OMVS(AUTOUID HOME(/u/LIBANGE/) PROGRAM(/bin/sh)) NAME ('LIBERTY ANGEL') NOPASSWORD NOOIDCARD

TSS CREATE(LIBANGE) TYPE(USER) NAME('LIBERTY ANGEL') DEPT(dept) PASS(NOPW,0)
TSS ADD(LIBANGE) HOME(/u/LIBANGE/) OMVSPGM(/bin/sh) GROUP(LIBGRP) DFLTGRP(LIBGRP)

/* ---------------------------------------------------------- */
ADDUSER LIBSERV DFLTGRP(LIBGRP) OMVS(AUTOUID HOME(/u/LIBSERV/) PROGRAM(/bin/sh)) NAME('LIBERTY SERVER')

TSS CREATE(LIBSERV) TYPE(USER) NAME('LIBERTY SERVER') DEPT(dept) PASS(NOPW,0)
TSS ADD(LIBSERV) HOME(/u/LIBSERV/) GROUP(LIBGRP) DFLTGRP(LIBGRP) OMVSPGM(/bin/sh)

/* ---------------------------------------------------------- */
ALTUSER LIBSERV PASSWORD(LIBSERV) NOEXPIRED

/* Add required RACF RESOURCES */
RDEFINE STARTED BAQSTRT* UACC(NONE) -
 STDATA(USER(LIBSERV) GROUP(LIBGRP) -
 PRIVILEGED(NO) TRUSTED(NO) TRACE(YES))

TSS ADD(STC) PROCNAME(BAQSTRT) ACID(LIBSERV)
TSS ADD(LIBSERV) FAC(STC)

/* ---------------------------------------------------------- */
RDEFINE STARTED BAQANGL* UACC(NONE) -
 STDATA(USER(LIBANGE) GROUP(LIBGRP) -
 PRIVILEGED(NO) TRUSTED(NO) TRACE(YES))

TSS ADD(STC) PROCNAME(BAQANGL) ACID(LIBANGE)
TSS ADD(LIBANGE) FAC(STC)

/* ---------------------------------------------------------- */
SETROPTS RACLIST(STARTED) REFRESH

/* Add SURROGAT USER */
RDEFINE SURROGAT BPX.SRV.LIBSERV
PERMIT BPX.SRV.LIBSERV CLASS(SURROGAT) ID(TECH07) ACC(READ)
SETROPTS RACLIST(SURROGAT) REFRESH

TSS ADD(dept) SURROGAT(BPX.) ==> Most likely already defined.
TSS PERMIT(TECH07) SURROGAT(BPX.SRV.LIBSERV) ACCESS(READ)

The above command assumes you have already created a user TECH07.

/* Define Angel Server -------------------------------------- */
RDEF SERVER BBG.ANGEL.ZANGEL UACC(NONE) OWNER(SYS1)
PERMIT BBG.ANGEL.ZANGEL CLASS(SERVER) ACCESS(READ) ID(LIBSERV)
RDEF SERVER BBG.AUTHMOD.BBGZSAFM UACC(NONE) OWNER(SYS1)
PERMIT BBG.AUTHMOD.BBGZSAFM CLASS(SERVER) ACCESS(READ) ID(LIBSERV)

TSS ADD(SYS1 or dept) SERVER(BBG.)
TSS PERMIT(LIBSERV) SERVER(BBG.ANGEL.ZANGEL) ACCESS(READ)
TSS PERMIT(LIBSERV) SERVER(BBG.AUTHMOD.BBGZSAFM) ACCESS(READ)

/* ---------------------------------------------------------- */
RDEF SERVER BBG.AUTHMOD.BBGZSAFM.PRODMGR UACC(NONE)
PERMIT BBG.AUTHMOD.BBGZSAFM.PRODMGR CLASS(SERVER) -
 ACCESS(READ) ID(LIBSERV)

TSS PERMIT(LIBSERV) SERVER(BBG.AUTHMOD.BBGZSAFM.PRODMGR) ACCESS(READ)

/* ---------------------------------------------------------- */
RDEF SERVER BBG.AUTHMOD.BBGZSAFM.SAFCRED UACC(NONE)
PERMIT BBG.AUTHMOD.BBGZSAFM.SAFCRED CLASS(SERVER) -
 ACCESS(READ) ID(LIBSERV)

TSS PERMIT(LIBSERV) SERVER(BBG.AUTHMOD.BBGZSAFM.SAFCRED) ACCESS(READ)

/* ---------------------------------------------------------- */
RDEF SERVER BBG.AUTHMOD.BBGZSAFM.SAFCRED UACC(NONE) OWNER(SYS1)
PERMIT BBG.AUTHMOD.BBGZSAFM.SAFCRED CLASS(SERVER) ACCESS(READ) -
 ID(LIBSERV)

Done above.

/* ---------------------------------------------------------- */
RDEF SERVER BBG.AUTHMOD.BBGZSAFM.ZOSWLM UACC(NONE) OWNER(SYS1)
PERMIT BBG.AUTHMOD.BBGZSAFM.ZOSWLM CLASS(SERVER) ACCESS(READ) ID(LIBSERV)

TSS PERMIT(LIBSERV) SERVER(BBG.AUTHMOD.BBGZSAFM.ZOSWLM) ACCESS(READ)

/* ---------------------------------------------------------- */
RDEF SERVER BBG.AUTHMOD.BBGZSAFM.TXRRS UACC(NONE) OWNER(SYS1)
PERMIT BBG.AUTHMOD.BBGZSAFM.TXRRS CLASS(SERVER) ACCESS(READ) -
 ID(LIBSERV)

TSS PERMIT(LIBSERV) SERVER(BBG.AUTHMOD.BBGZSAFM.TXRRS) ACCESS(READ)

/* ---------------------------------------------------------- */
RDEF SERVER BBG.AUTHMOD.BBGZSAFM.ZOSDUMP UACC(NONE) OWNER(SYS1)
PERMIT BBG.AUTHMOD.BBGZSAFM.ZOSDUMP CLASS(SERVER) ACCESS(READ) ID(LIBSERV)

TSS PERMIT(LIBSERV) SERVER(BBG.AUTHMOD.BBGZSAFM.ZOSDUMP) ACCESS(READ)

/* ---------------------------------------------------------- */
RDEF SERVER BBG.AUTHMOD.BBGZSAFM.LOCALCOM UACC(NONE) OWNER(SYS1)
PERMIT BBG.AUTHMOD.BBGZSAFM.LOCALCOM CLASS(SERVER) ACCESS(READ) ID(LIBSERV)
RDEF SERVER BBG.AUTHMOD.BBGZSCFM UACC(NONE) OWNER(SYS1)
PERMIT BBG.AUTHMOD.BBGZSCFM CLASS(SERVER) ACCESS(READ) ID(LIBSERV)
RDEF SERVER BBG.SECPFX.BBGZDFLT UACC(NONE) OWNER(SYS1)
PERMIT BBG.SECPFX.BBGZDFLT CLASS(SERVER) ACCESS(READ) -
 ID(LIBSERV)

TSS PERMIT(LIBSERV) SERVER(BBG.AUTHMOD.BBGZSAFM.LOCALCOM) ACCESS(READ)
TSS PERMIT(LIBSERV) SERVER(BBG.AUTHMOD.BBGZSCFM) ACCESS(READ)
TSS PERMIT(LIBSERV) SERVER(BBG.SECPFX.BBGZDFLT) ACCESS(READ)

/* ---------------------------------------------------------- */
ADDGROUP WSGUESTG OMVS(AUTOGID) OWNER(SYS1)
ADDUSER WSGUEST RESTRICTED DFLTGRP(WSGUESTG) OMVS(AUTOUID -
 HOME(/u/wsguest) PROGRAM(/bin/sh)) NAME('UNAUTHENTICATED USER') -
 NOPASSWORD NOOIDCARD
RDEFINE APPL BBGZDFLT UACC(NONE) OWNER(SYS1)
PERMIT BBGZDFLT CLASS(APPL) RESET
PERMIT BBGZDFLT CLASS(APPL) ACCESS(READ) ID(WSGUEST)
RALT APPL BBGZDFLT UACC(READ)

TSS CREATE(WSGUESTG) TYPE(GROUP) NAME('WSGROUP') DEPT(dept)
TSS CREATE(WSGUEST) TYPE(USER) NAME('UNAUTHENTICATED USER') DEPT(dept) PASS(NOPW,0)
TSS ADD(WSGUEST) HOME(/u/wsguest) OMVSPGM(/bin/sh) GROUP(WSGUESTG) DFLTGRP(WSGUESTG)
TSS ADD(dept) APPL(BBGZDFLT)
TSS PERMIT(WSGUEST) APPL(BBGZDFLT) ACCESS(READ)

/* ---------------------------------------------------------- */
SETROPTS RACLIST(SERVER) REFRESH
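A hand conversion like the one above is easy to get subtly wrong, for example a mistyped ACID or class keyword in a TSS PERMIT that then grants nothing to the intended user. The following check is an added example, not part of the original article or of Top Secret: it pairs each RACF PERMIT with its TSS PERMIT and reports the ones that do not line up. It assumes the TSS keyword equals the RACF class name, as it does for the SERVER, SURROGAT and APPL classes on this page; the function names and the sample script are constructed for illustration.

```python
import re
# Classes used on this page; the TSS PERMIT keyword is the RACF class name.
CLASSES = {"SERVER", "SURROGAT", "APPL"}
TSS_PERMIT = re.compile(
    r"\s*TSS\s+PERMIT\((\w+)\)\s+(\w+)\(([^)]*)\)\s+ACCESS\((\w+)\)", re.I)

def racf_grants(script):
    """(acid, class, profile, access) for every RACF PERMIT that grants access."""
    joined = re.sub(r"[ \t]+-[ \t]*\n\s*", " ", script)  # fold ' -' continuations
    grants = set()
    for line in joined.splitlines():
        m = re.match(r"\s*PERMIT\s+(\S+)\s+(.*)", line)
        if not m:
            continue
        profile, rest = m.groups()
        kw = {k.upper(): v for k, v in re.findall(r"(\w+)\(([^)]*)\)", rest)}
        cls = kw.get("CLASS", "").upper()
        access = kw.get("ACCESS") or kw.get("ACC")
        if cls not in CLASSES or not access or "ID" not in kw:
            continue  # e.g. PERMIT ... RESET grants nothing
        for acid in kw["ID"].replace(",", " ").split():
            grants.add((acid, cls, profile, access.upper()))
    return grants

def tss_grants(script):
    """The same tuples for every TSS PERMIT line."""
    found = (TSS_PERMIT.match(line) for line in script.splitlines())
    return {(m[1], m[2].upper(), m[3], m[4].upper()) for m in found if m}

def unmatched(script):
    """Return (RACF grants with no TSS twin, TSS permits with no RACF source)."""
    want, have = racf_grants(script), tss_grants(script)
    return sorted(want - have), sorted(have - want)

# Constructed sample in the page's interleaved layout, with two deliberate typos.
SAMPLE = """\
PERMIT BBG.ANGEL.ZANGEL CLASS(SERVER) ACCESS(READ) ID(LIBSERV)
TSS PERMIT(LIBSER) SERVER(BBG.ANGEL.ZANGEL) ACCESS(READ)
PERMIT BBG.AUTHMOD.BBGZSAFM.TXRRS CLASS(SERVER) ACCESS(READ) -
 ID(LIBSERV)
TSS PERMIT(LIBSERV) SERER(BBG.AUTHMOD.BBGZSAFM.TXRRS) ACCESS(READ)
PERMIT BBGZDFLT CLASS(APPL) RESET
PERMIT BBGZDFLT CLASS(APPL) ACCESS(READ) ID(WSGUEST)
TSS PERMIT(WSGUEST) APPL(BBGZDFLT) ACCESS(READ)
"""

if __name__ == "__main__":
    for label, grants in zip(("missing in TSS:", "TSS only:"), unmatched(SAMPLE)):
        print(label, grants)
```

An empty result in both lists means every RACF grant has an identical TSS PERMIT; it does not validate the ownership (TSS ADD) or ACID creation commands.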