Db2 Tools for z/OS

  • 1.  RACF DVM Security profile definitions

    Posted Thu March 11, 2021 01:27 PM
    We began using DVM with ACF2 and are converting to RACF and moving old ACF2 environment applications across to the RACF systems.

    Whereas ACF2 barely noticed DVM was running, RACF requires definitions or returns RESOURCE NOT DEFINED and fails the effort.

    We defined the RACF class dynamically in the class descriptor table, then were instructed to define profiles for the class as follows:

    RDEFINE RAVZ ADATRACE UACC(NONE)
    RDEFINE RAVZ ATHZOOM UACC(NONE)
    RDEFINE RAVZ CONTROLBLOCKS UACC(NONE)
    RDEFINE RAVZ CICSCONNECTIONS UACC(NONE)
    RDEFINE RAVZ DATABASES UACC(NONE)
    RDEFINE RAVZ DATAMAP UACC(NONE)
    RDEFINE RAVZ GLOBALS UACC(NONE)
    RDEFINE RAVZ LINKS UACC(NONE)
    RDEFINE RAVZ PARMS UACC(NONE)
    RDEFINE RAVZ TOKENS UACC(NONE)
    RDEFINE RAVZ TRACEBROWSE UACC(NONE)
    etc.

    These are documented via FACILITY class in the SAVZCNTL(AVZRARES) member.

    Each profile which is longer than 8 characters returns:
    RDEFINE RAVZ CONTROLBLOCKS UACC(NONE)
    INVALID ENTITY, CONTROLBLOCKS

    Looking for thoughts on what causes this and any RACF parameters / settings which could be causing us to fail when it obviously worked at Rocket.

    Thanks,

    Kevin

    ------------------------------
    Kevin Flanagan
    ------------------------------



  • 2.  RE: RACF DVM Security profile definitions

    Posted Wed March 17, 2021 12:59 PM
    What if you specify a MAXLENGTH(16)? 

    I'm curious.  Did you add MODIFY PARM NAME(RESOURCETYPE) VALUE(xxx) to your IN00? I thought that the absence of this parameter would eliminate the need to define profiles.
     


    ------------------------------
    Joe Carroll
    ------------------------------



  • 3.  RE: RACF DVM Security profile definitions

    Posted Wed March 17, 2021 12:59 PM
    Edited by System Admin Fri January 20, 2023 04:11 PM
    ***My original reply didn't seem to come through.  This is basically the same response.

    What if you specify MAXLENGTH(16)?

    Did you modify the IN00 to include MODIFY PARM NAME(RESOURCETYPE) VALUE(xxxx)?  My understanding was that if this parameter was omitted, the profiles would not need to be defined and DVM may act more like your setup under ACF2.

    ------------------------------
    Joe Carroll
    ------------------------------



  • 4.  RE: RACF DVM Security profile definitions

    Posted Wed March 17, 2021 02:40 PM
    Hello, we were able to resolve.

    The issue came from the dynamic definition of the class using SUBMIT class as a model, which had a max length of 8.  The MAXLENGTH was updated in our case to 44 from what my security guy told me, and we were able to define the other profiles to it.

    As to the question on using the default (no RESOURCETYPE statement), that returned RESOURCE NOT PROTECTED or DEFINED or CONTROLLED etc. when doing various tasks past just starting up DVM.  It was after seeing that behavior that I stopped being lazy and had the class defined and profiles, etc.

    Thanks for replying!


    ------------------------------
    Kevin Flanagan
    ------------------------------
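
The fix described in the last reply, written out as a TSO command sequence. This is an added example, not commands posted by anyone in the thread; it assumes RAVZ was defined as a dynamic class through a profile in the CDT class and that the CDT class is active and RACLISTed. The value 44 is the one reported in the reply.

```tso
/* Added example: raise MAXLENGTH on a dynamic class that was      */
/* modelled on a class limited to 8-character profile names.       */

/* 1. Display the class attributes currently stored in the CDT     */
/*    profile, including MAXLENGTH.                                */
RLIST CDT RAVZ NORACF CDTINFO

/* 2. Raise the profile-name length limit for the class.           */
RALTER CDT RAVZ CDTINFO(MAXLENGTH(44))

/* 3. Rebuild the dynamic class descriptor table so the new        */
/*    attribute is picked up.                                      */
SETROPTS RACLIST(CDT) REFRESH

/* 4. Retry definitions that failed with INVALID ENTITY because    */
/*    the names are longer than 8 characters.                      */
RDEFINE RAVZ CONTROLBLOCKS UACC(NONE)
RDEFINE RAVZ CICSCONNECTIONS UACC(NONE)

/* 5. Confirm the profiles now exist.                              */
RLIST RAVZ CONTROLBLOCKS
RLIST RAVZ CICSCONNECTIONS
```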