KB Article #175907
CA Top-Secret commands for CFT Internal AM & Habilitation
Problem
--Enabling CFT Internal AM with CA TSS (Top Secret)--Enabling CFT Habilitation when with CA TSS (Top Secret)
--Most provided JCLs and Samples are SAF or RACF oriented
Resolution
--See below commands that will help to turn on the CFT Internal AM or the Habilitation when CA TSS is used in place of RACF.------ TSS for CFT (Internal AM and HABILITATION if required) -------
Here are the Top Secret definitions for CFT to enable Internal AM or/and Habilitation:
TSS ADD(RDT) RECSLASS(safcftcl) RECSODE(xx) MAXLEN(246) DEFACC(NONE) -
ATTR(GENERIC) ACLST(ALL,CONTROL,NONE)
You can create a new department for ownership of these resources:
TSS CREATE(CFTDEPT) TYPE(DEPT) NAME(CFT OWNER DEPT)
Then add profiles for permissions:
TSS CREATE(grpcft) TYPE(PROFILE) NAME(CFT ADMINISTRATOR GROUP)
TSS CREATE(grpmon) TYPE(PROFILE) NAME(CFT MONITOR GROUP)
TSS CREATE(grpaprm) TYPE(PROFILE) NAME(CFT ALL PARAMETERS GROUP)
TSS CREATE(grpfprm) TYPE(PROFILE) NAME(CFT FILE PARMS GROUP)
TSS CREATE(grpdesk) TYPE(PROFILE) NAME(CFT HELP DESK GROUP)
TSS CREATE(grptrf) TYPE(PROFILE) NAME(CFT TRANSFER GROUP)
TSS ADD(CFTDEPT) DSN(CFTV2.)
TSS PERMIT(ALL) DSN(CFTV2.) ACCESS(UPDATE)
TSS PERMIT(grpcft) DSN(CFTV2.) ACCESS(ALTER)
TSS ADD(cftdept) safcftcl(CFT)
TSS ADD(cftdept) safcftcl(SHUT.)
TSS ADD(cftdept) safcftcl(SWT_)
TSS ADD(cftdept) safcftcl(INACT.)
TSS ADD(cftdept) safcftcl(ACT.)
TSS ADD(cftdept) safcftcl(MQUERY.)
TSS ADD(cftdept) safcftcl(ALL_)
TSS ADD(cftdept) safcftcl(APPL.)
TSS ADD(cftdept) safcftcl(VFMFILE.)
TSS ADD(cftdept) safcftcl(TRANSFER.)
TSS ADD(cftdept) safcftcl(COMMUT.)
TSS ADD(cftdept) safcftcl(MESSAGE.)
TSS PERMIT(grpcft) safcftcl(CFTaccnt.) ACCESS(CONTROL)
TSS PERMIT(grpaprm) safcftcl(CFTaccnt.) ACCESS(CONTROL)
TSS PERMIT(grpcft) safcftcl(CFTCAT.) ACCESS(CONTROL)
TSS PERMIT(grpaprm) safcftcl(CFTCAT.) ACCESS(CONTROL)
TSS PERMIT(grpcft) safcftcl(CFTCOM.) ACCESS(CONTROL)
TSS PERMIT(grpaprm) safcftcl(CFTCOM.) ACCESS(CONTROL)
TSS PERMIT(grpcft) safcftcl(CFTLOG.) ACCESS(CONTROL)
TSS PERMIT(grpaprm) safcftcl(CFTLOG.) ACCESS(CONTROL)
TSS PERMIT(grpcft) safcftcl(CFTNET.) ACCESS(CONTROL)
TSS PERMIT(grpaprm) safcftcl(CFTNET.) ACCESS(CONTROL)
TSS PERMIT(grpcft) safcftcl(CFTPARM.) ACCESS(CONTROL)
TSS PERMIT(grpaprm) safcftcl(CFTPARM.) ACCESS(CONTROL)
TSS PERMIT(grpcft) safcftcl(CFTPROT.) ACCESS(CONTROL)
TSS PERMIT(grpaprm) safcftcl(CFTPROT.) ACCESS(CONTROL)
TSS PERMIT(grpcft) safcftcl(CFTAUTH.) ACCESS(CONTROL)
TSS PERMIT(grpaprm) safcftcl(CFTAUTH.) ACCESS(CONTROL)
TSS PERMIT(grpcft) safcftcl(CFTEXIT.) ACCESS(CONTROL)
TSS PERMIT(grpaprm) safcftcl(CFTEXIT.) ACCESS(CONTROL)
TSS PERMIT(grpcft) safcftcl(CFTRECV.) ACCESS(CONTROL)
TSS PERMIT(grpaprm) safcftcl(CFTRECV.) ACCESS(CONTROL)
TSS PERMIT(grpcft) safcftcl(CFTSEND.) ACCESS(CONTROL)
TSS PERMIT(grpaprm) safcftcl(CFTSEND.) ACCESS(CONTROL)
TSS PERMIT(grpcft) safcftcl(CFTSENDI.) ACCESS(CONTROL)
TSS PERMIT(grpaprm) safcftcl(CFTSENDI.) ACCESS(CONTROL)
TSS PERMIT(grpcft) safcftcl(CFTXLATE.) ACCESS(CONTROL)
TSS PERMIT(grpaprm) safcftcl(CFTXLATE.) ACCESS(CONTROL)
TSS PERMIT(grpcft) safcftcl(CFTIDF.) ACCESS(CONTROL)
TSS PERMIT(grpaprm) safcftcl(CFTIDF.) ACCESS(CONTROL)
TSS PERMIT(grpcft) safcftcl(CFTETB.) ACCESS(CONTROL)
TSS PERMIT(grpaprm) safcftcl(CFTETB.) ACCESS(CONTROL)
TSS PERMIT(grpcft) safcftcl(CFTAPPL.) ACCESS(CONTROL)
TSS PERMIT(grpaprm) safcftcl(CFTAPPL.) ACCESS(CONTROL)
/********************* PARTNER COMMAND DEFINITIONS */
TSS PERMIT(grpcft) safcftcl(CFTPART.) ACCESS(CONTROL)
TSS PERMIT(grpaprm) safcftcl(CFTPART.) ACCESS(CONTROL)
TSS PERMIT(grpcft) safcftcl(CFTX25.) ACCESS(CONTROL)
TSS PERMIT(grpaprm) safcftcl(CFTX25.) ACCESS(CONTROL)
TSS PERMIT(grpcft) safcftcl(CFTTCP.) ACCESS(CONTROL)
TSS PERMIT(grpaprm) safcftcl(CFTTCP.) ACCESS(CONTROL)
TSS PERMIT(grpcft) safcftcl(CFTLU62.) ACCESS(CONTROL)
TSS PERMIT(grpaprm) safcftcl(CFTLU62.) ACCESS(CONTROL)
TSS PERMIT(grpcft) safcftcl(CFTSNA.) ACCESS(CONTROL)
TSS PERMIT(grpaprm) safcftcl(CFTSNA.) ACCESS(CONTROL)
TSS PERMIT(grpcft) safcftcl(CFTDEST.) ACCESS(CONTROL)
TSS PERMIT(grpaprm) safcftcl(CFTDEST.) ACCESS(CONTROL)
/************************** CFT COMMAND DEFINITIONS */)
TSS PERMIT(grpcft) safcftcl(SHUT.) ACCESS(CONTROL)
TSS PERMIT(grpdesk) safcftcl(SHUT.) ACCESS(CONTROL)
TSS PERMIT(grpcft) safcftcl(LOG.) ACCESS(CONTROL)
TSS PERMIT(grpdesk) safcftcl(LOG.) ACCESS(CONTROL)
TSS PERMIT(grpcft) safcftcl(SWT_ACNT.) ACCESS(CONTROL)
TSS PERMIT(grpdesk) safcftcl(SWT_ACNT.) ACCESS(CONTROL)
TSS PERMIT(grpcft) safcftcl(INACT.) ACCESS(CONTROL)
TSS PERMIT(grpdesk) safcftcl(INACT.) ACCESS(CONTROL)
TSS PERMIT(grpcft) safcftcl(ACT.) ACCESS(CONTROL)
TSS PERMIT(grpdesk) safcftcl(ACT.) ACCESS(CONTROL)
TSS PERMIT(grpcft) safcftcl(MQUERY.) ACCESS(CONTROL)
TSS PERMIT(grpdesk) safcftcl(MQUERY.) ACCESS(CONTROL)
/********************* OPERATOR COMMAND DEFINITIONS */
TSS PERMIT(grpcft) safcftcl(CAT.) ACCESS(CONTROL)
TSS PERMIT(grpdesk) safcftcl(CAT.) ACCESS(CONTROL)
TSS PERMIT(grpcft) safcftcl(ALL_COM.) ACCESS(CONTROL)
TSS PERMIT(grpdesk) safcftcl(ALL_COM.) ACCESS(CONTROL)
TSS PERMIT(grpcft) safcftcl(ALL_PARM.) ACCESS(CONTROL)
TSS PERMIT(grpdesk) safcftcl(ALL_PARM.) ACCESS(CONTROL)
TSS PERMIT(grpcft) safcftcl(ALL_PART.) ACCESS(CONTROL)
TSS PERMIT(grpdesk) safcftcl(ALL_PART.) ACCESS(CONTROL)
/************************** APPL COMMAND DEFINITIONS */
TSS PERMIT(grpcft) safcftcl(APPL.) ACCESS(CONTROL)
/****************************** TRANSFER DEFINITIONS */
TSS PERMIT(grpcft) safcftcl(TRANSFER.) ACCESS(CONTROL)
TSS PERMIT(grpcft) safcftcl(COMMUT.) ACCESS(CONTROL)
/***************************** MESSAGE DEFINITIONS */
TSS PERMIT(grpcft) safcftcl(MESSAGE.) ACCESS(CONTROL)
/****************************** VFM FILE DEFINITIONS */
TSS PERMIT(grpcft) safcftcl(VMFFILE.) ACCESS(CONTROL)
TSS PERMIT(grpmon) safcftcl(VMFFILE.) ACCESS(CONTROL)
TSS PERMIT(grpcft) safcftcl(ALL_VMF.) ACCESS(CONTROL)
TSS PERMIT(grpmon) safcftcl(ALL_VMF.) ACCESS(CONTROL)
All users that are to be given the above group accesses just need to have the profile added to their acids:
TSS ADD(user01) PROFILE(grpcft)
...
TSS ADD(user02) PROFILE(grpmon)
...