IBM Security Z Security

Hi,

I'd like to specify multiple organisations for use in assertion tests. 

The manual says:

ORGANIZATION  This field determines the name of the organization (max. 32 characters). If none is specified, the default organization is called "Organization."

However I can't see anything that tells me how to  specify these values. Should I be adding statements to a CKACUST member, or is there some other method I should use?

Thanks,

------------------------------
Peter Buckley
------------------------------

Currently there is only a fixed Organization name "Organization" assigned to all security databases., because no customer has expressed exactly what they would want to distinguish there.

If you have an idea what what you want in terms of organization: global set of organizations applying to all security databases,  or different organization (or even set of organizations?)  per security database, it is best put an idea in Aha.

------------------------------
Hans Schoone
Chief Architect zSecure
IBM - zSecure architect
Delft
------------------------------

Original Message:
Sent: Wed March 27, 2024 07:20 AM
From: Peter Buckley
Subject: NEWLIST TYPE=ORGANIZATION

Hi,

I'd like to specify multiple organisations for use in assertion tests. 

The manual says:

ORGANIZATION  This field determines the name of the organization (max. 32 characters). If none is specified, the default organization is called "Organization."

However I can't see anything that tells me how to  specify these values. Should I be adding statements to a CKACUST member, or is there some other method I should use?

Thanks,

------------------------------
Peter Buckley
------------------------------

Apologies, I understood from the manual that this mechanism was already in place: ORGANIZATION - IBM Documentation

"NEWLIST TYPE=ORGANIZATION shows what organizations use a COMPLEX. The record key is VER COMPLEX ORGANIZATION. By default, if no input is provided, there is one organization called "Organization" that includes all complexes."

This implies that there is a way to provide input (otherwise, why say it?).

"There can be more than one organization sharing a single system. All systems that share a security database can typically influence each other because they share DASD. Therefore, the assertion must be made for every organization separately per complex."

This is the rationale, as stated in the manual.

If necessary, I will submit an idea for the product to behave as stated.

------------------------------
Peter Buckley
------------------------------

Original Message:
Sent: Wed March 27, 2024 08:17 AM
From: Hans Schoone
Subject: NEWLIST TYPE=ORGANIZATION

Currently there is only a fixed Organization name "Organization" assigned to all security databases., because no customer has expressed exactly what they would want to distinguish there.

If you have an idea what what you want in terms of organization: global set of organizations applying to all security databases,  or different organization (or even set of organizations?)  per security database, it is best put an idea in Aha.

------------------------------
Hans Schoone
Chief Architect zSecure
IBM - zSecure architect
Delft

Original Message:
Sent: Wed March 27, 2024 07:20 AM
From: Peter Buckley
Subject: NEWLIST TYPE=ORGANIZATION

Hi,

I'd like to specify multiple organisations for use in assertion tests. 

The manual says:

ORGANIZATION  This field determines the name of the organization (max. 32 characters). If none is specified, the default organization is called "Organization."

However I can't see anything that tells me how to  specify these values. Should I be adding statements to a CKACUST member, or is there some other method I should use?

Thanks,

------------------------------
Peter Buckley
------------------------------