Creating the TMEADMIN class to associate a RACF® user ID
About this task
To create the resource class EQQADMIN and map it to a RACF®
user ID, perform the following steps:
- Make sure your operating system has the Security Server feature.
- Create the TMEADMIN class for mapping the administrator ID and host name to the RACF® user ID. Note: If RACF® is your security product and your operating system does not have the Security Server feature, you can use the supplied samples to create the following:
- RACF® TMEADMIN class EQQ9RFDE. Use the following macro,
which you can access in the EQQ9RFDE member of SEQQSAMP library:
TMEADMIN ICHERCDE CLASS=TMEADMIN, ID=129, MAXLNTH=246, FIRST=ALPHANUM, OTHER=ANY, POSIT= 26, OPER=NO, DFTUACC=NONE, DFTRETC=8, RACLIST=ALLOWED, GENLIST=ALLOWED
- RACF Router Table EQQ9RF01. Use the following macro, which you can access in the EQQ9RF01 member
of SEQQSAMP library:
TAB18 ICHRFRTB CLASS=TMEADMIN,ACTION=RACF
- RACF® TMEADMIN class EQQ9RFDE. Use the following macro,
which you can access in the EQQ9RFDE member of SEQQSAMP library:
- Using RCAF TMEADMIN class, map the administrator ID to the RACF® user ID. The RACF® user ID is associated with the administrator defined at the workstation. Any administrative action is thereby traceable to the user issuing the request.
- Define a profile in the supplied resource class TMEADMIN for each administrator who is able to
access Dynamic Workload Console. Note: In the following tasks, which are for mapping the administrator to RACF® user IDs, it is recommended that each administrator maps to a unique RACF® user ID.
- Activate the TMEADMIN class by typing the following command: SETROPTS CLASSACT (TMEADMIN).
- In the TMEADMIN class, use the following string to define a unique RACF® user ID for each administrator who will perform Dynamic Workload Console operations:
For example, for a user with the identifier SCOT at the host pelican, you would useuserID@hostname
SCOT@pelican
. - Enter the following command to define a general resource profile in the TMEADMIN class to
associate the administrator with a RACF® user ID (in this
example, SCOT):
RDEFINE TMEADMIN SCOT@hostname APPLDATA('SCOT')
Note: The stringSCOT@hostname
is not case sensitive. - Refresh the TMEADMIN class with the following command:
If you experience problems using special characters to define a profile in the TMEADMIN class, use the following command instead:SETROPTS RACLIST(TMEADMIN) REFRESH
SETROPTS GENERIC(TMEADMIN) REFRESH
Also, use the percent sign (%) instead of the special character. For example, for the Italian
code page, the character @ (hex'B5') is not accepted by RACF®.
Therefore, use SCOT%pelican
instead of SCOT@pelican
.
When searching a list of TMEADMIN profiles for a match, RACF® looks for the most similar generic profile.