
Mainframe Connector Userid Requirements

The userid associated with the Mainframe Connector started task requires an OMVS segment due to its use of TCP/IP services. The OMVS segment contains the z/OS UNIX attributes such as a user identifier (UID), a home directory, and a default shell. The default group for this userid must also be associated with an OMVS group identifier (GID).

RACF

Use the following command to assign an OMVS segment to the Mainframe Connector started task userid in a RACF environment:

ALU mfc_id OMVS(UID(999999) HOME(/) PROGRAM(/bin/sh))

The Mainframe Connector started task procedure name must be mapped to mfc_id in the RACF started procedures table (ICHRIN03) or, preferably, in a STARTED class profile, so that the address space runs under that userid.

If the Mainframe Connector will be used to create userids, delete userids, or update the attributes of existing userids, the started task userid needs sufficient RACF authority to perform those operations on the target userids. In practice this means RACF SPECIAL or, at a minimum, group-SPECIAL over the group tree that owns the managed userids; group-SPECIAL scoped to those groups is preferable to system-wide SPECIAL. The RACF subsystem address space (the RACF started task) must also be active for create, delete, and update operations to succeed.
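The following batch job is an added example and is not part of the Bravura documentation or product. It carries the RACF requirements above through end to end: a default group with an OMVS GID, a protected started task userid (NOPASSWORD NOOIDCARD, so it can run the STC but cannot be used to log on), group-SPECIAL scoped to the group tree holding the managed userids rather than system SPECIAL, a STARTED class profile in place of an ICHRIN03 entry, and LISTUSER/RLIST checks of the result. The names MFCGRP, MFCX, MFCSTC and HRUSERS, the UID/GID 999999, and the assumption that the STARTED class is active and RACLISTed are all mine, not the page's.

```jcl
//MFCRACF  JOB (ACCT),'DEFINE MFC STC ID',CLASS=A,MSGCLASS=X,
//             NOTIFY=&SYSUID
//*
//* Added example, not part of the Bravura documentation or product.
//* Assumed names: group MFCGRP, userid MFCX, started procedure MFCSTC,
//* managed group tree HRUSERS, UID/GID 999999 (confirm they are unused).
//* Assumes the STARTED class is active and RACLISTed.
//*
//* ADDGROUP  default group carrying the OMVS GID the userid needs
//* ADDUSER   protected userid (NOPASSWORD NOOIDCARD): runs the STC,
//*           cannot log on; OMVS segment as in the ALU example above
//* CONNECT   group-SPECIAL over the group tree that owns the userids
//*           Bravura manages, instead of system-wide SPECIAL
//* RDEFINE   STARTED profile mapping the procedure to the userid;
//*           TRUSTED(NO) PRIVILEGED(NO) so normal access checking applies
//* LISTUSER  and RLIST verify the OMVS segment and the mapping
//*
//TSO      EXEC PGM=IKJEFT01
//SYSTSPRT DD SYSOUT=*
//SYSTSIN  DD *
  ADDGROUP MFCGRP SUPGROUP(SYS1) OWNER(SYS1) OMVS(GID(999999))
  ADDUSER  MFCX NAME('MFC STC ID') OWNER(MFCGRP) DFLTGRP(MFCGRP) -
           NOPASSWORD NOOIDCARD -
           OMVS(UID(999999) HOME('/') PROGRAM('/bin/sh'))
  CONNECT  MFCX GROUP(HRUSERS) SPECIAL
  RDEFINE  STARTED MFCSTC.* STDATA(USER(MFCX) GROUP(MFCGRP) -
           TRUSTED(NO) PRIVILEGED(NO))
  SETROPTS RACLIST(STARTED) REFRESH
  LISTUSER MFCX OMVS NORACF
  RLIST    STARTED MFCSTC.* STDATA
/*
```

The generic profile MFCSTC.* matches any jobname the procedure is started with; the LISTUSER output should show the UID, HOME and PROGRAM values, and the RLIST output the USER and GROUP in STDATA. If the site requires system SPECIAL instead of group-SPECIAL, replace the CONNECT with ALTUSER MFCX SPECIAL, but only after confirming the managed userids fall outside any group scope the started task userid could be connected to.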

TopSecret

Similarly, for TopSecret, the userid that the Mainframe Connector subsystem runs under needs the appropriate OMVS definitions (a UID, home directory and default program, with a default group that has a GID). The userid should also be assigned NOSUBCHK and MAINTAIN as follows:

TSS ADD(mfc_id) UID(999999)

TSS ADD(mfc_id) NOSUBCHK

TSS ADMIN(mfc_id) ACID(MAINTAIN)

To prevent online access with the mfc_id the SOURCE(INTRDR) restriction is also recommended. This can be assigned as follows:

TSS ADD(mfc_id) SOURCE(INTRDR)

The TopSecret started task table should be updated to include the Mainframe Connector started task procedure name and the corresponding mfc_id.

The Mainframe Connector started task will also require a TopSecret master facility. This can be set up in one of the available user facility definitions as follows:

TSS MODIFY FAC(USERnn=NAME=facname)

TSS MODIFY FAC(facname=PGM=PSN)

nn represents an available user facility number and facname the facility name. An example definition might look like:

TSS MODIFY FAC(USER43=NAME=MFC)

TSS MODIFY FAC(MFC=PGM=PSN)

The master facility can be assigned to the Mainframe Connector userid as follows:

TSS ADD(mfc_id) MASTFAC(facname)

for example:

TSS ADD(MFCX) MASTFAC(MFC)

All userids that will be managed by the Bravura Security Fabric server should be set up with access to the MFC facility. This would be done as follows:

TSS ADD(acid) FAC(facname)

for example:

TSS ADD(DBAUSR1) FAC(MFC)

In order to support SUSPEND reset capability as specified by the PSNCUX01 and PSNCUX04 user exits and to support inbound enable and disable requests, the Mainframe Connector started task userid must be granted the appropriate authority. This is done as follows:

TSS ADMIN(mfc_id) MISC1(SUSPEND)

TSS ADMIN(mfc_id) MISC8(REMASUSP)

The TYPE assigned to the Mainframe Connector started task userid must allow it to perform administrative functions against the incoming userids. For example, a started task userid created with TYPE(USER) cannot perform administrative functions on a userid created with TYPE(LSCA).

In order to support the ability to add or remove ACIDs to or from a GROUP or PROFILE, the Mainframe Connector started task userid will require the CONSOLE attribute. This is done as follows:

TSS ADD(mfc_id) CONSOLE
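The following batch job is an added example and is not part of the Bravura documentation or product. It gathers the TopSecret requirements above into one sequence that also shows what the page leaves implicit: creating the ACID with no password (PASSWORD(NOPW,0) and FAC(STC)), giving its default group a GID, and adding the started task table entry (the STC record) that associates the procedure name with the ACID. The names MFCX, MFCDPT, MFCGRP, MFCSTC and DBAUSR1, the facility slot USER43, and the UID/GID 999999 are my assumptions; TYPE(SCA) is likewise an assumption chosen to meet the TYPE requirement, and a site should use the narrowest administrator type that can still manage the target userids.

```jcl
//MFCTSS   JOB (ACCT),'DEFINE MFC STC ACID',CLASS=A,MSGCLASS=X,
//             NOTIFY=&SYSUID
//*
//* Added example, not part of the Bravura documentation or product.
//* Assumed names: ACID MFCX, department ACID MFCDPT, group MFCGRP,
//* procedure MFCSTC, facility slot USER43 named MFC, managed user
//* DBAUSR1, UID/GID 999999. TYPE(SCA) is an assumption; use the
//* narrowest type that can still administer the target userids.
//*
//* PASSWORD(NOPW,0) and FAC(STC) make a no-password started task ACID,
//* SOURCE(INTRDR) stops interactive use of it, and the STC record
//* (TSS ADDTO(STC)) is the TopSecret started task table entry.
//* The two TSS LIST commands at the end verify the result.
//*
//TSO      EXEC PGM=IKJEFT01
//SYSTSPRT DD SYSOUT=*
//SYSTSIN  DD *
TSS CREATE(MFCX) TYPE(SCA) NAME('MFC STC') DEPT(MFCDPT) PASSWORD(NOPW,0)
TSS ADD(MFCX) FAC(STC) SOURCE(INTRDR) NOSUBCHK CONSOLE
TSS CREATE(MFCGRP) TYPE(GROUP) NAME('MFC GROUP') DEPT(MFCDPT)
TSS ADD(MFCGRP) GID(999999)
TSS ADD(MFCX) GROUP(MFCGRP) DFLTGRP(MFCGRP)
TSS ADD(MFCX) UID(999999) HOME(/) OMVSPGM(/bin/sh)
TSS ADMIN(MFCX) ACID(MAINTAIN) MISC1(SUSPEND) MISC8(REMASUSP)
TSS MODIFY FAC(USER43=NAME=MFC)
TSS MODIFY FAC(MFC=PGM=PSN)
TSS ADD(MFCX) MASTFAC(MFC)
TSS ADDTO(STC) PROCNAME(MFCSTC) ACID(MFCX)
TSS ADD(DBAUSR1) FAC(MFC)
TSS LIST(MFCX) DATA(ALL)
TSS LIST(STC)
/*
```

The TSS LIST(MFCX) DATA(ALL) output should show the UID, HOME and OMVSPGM values, the MASTFAC, the administrative authorities, and SOURCE(INTRDR); TSS LIST(STC) should show the MFCSTC entry. Each managed ACID needs its own TSS ADD(acid) FAC(MFC) as shown for DBAUSR1.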

ACF2

The userid that Mainframe Connector will run under must have OMVS segment information assigned to it. This will include an OMVS UID and GID. This userid can be set up as follows:

SET LID

INSERT mfc_id NAME(MFC STC ID) STC GROUP(OMVSGRP)

for example:

INSERT MFCX NAME(MFC STC ID) STC GROUP(OMVSGRP)

An OMVS segment can be set up as follows:

SET PROFILE(USER) DIV(OMVS)

INSERT mfc_id UID(999999)

Similarly, the default group for the Mainframe Connector userid must have an OMVS segment. The group OMVS segment can be defined as follows:

SET PROFILE(GROUP) DIV(OMVS)

INSERT mfc_grp GID(999999)

The ACF2 started task definitions should be updated to associate the Mainframe Connector started task procedure name with mfc_id: the logonid carries the STC attribute, and a GSO STC record maps the procedure name to the logonid when the two differ.

Note

For mainframe targets secured by ACF2, a passphrase reset modifies the PHP-EXP field of the target logonid on the mainframe. This requires the SECURITY privilege on the mainframe logonid that was created when the MFC connector was first set up; that logonid is the "run as" user for operations performed through the target's credential. Without this privilege the reset operation fails.
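The following batch job is an added example and is not part of the Bravura documentation or product. It carries the ACF2 steps above, and the SECURITY requirement from the note, through as one job, adding what the page leaves implicit: RESTRICT so the started task logonid needs no password, the HOME and OMVSPGM fields of the OMVS profile, a GSO STC record mapping the procedure name to the logonid, and LIST commands to verify each record. The names MFCX, MFCGRP and MFCSTC and the UID/GID 999999 are my assumptions.

```jcl
//MFCACF2  JOB (ACCT),'DEFINE MFC STC LID',CLASS=A,MSGCLASS=X,
//             NOTIFY=&SYSUID
//*
//* Added example, not part of the Bravura documentation or product.
//* Assumed names: logonid MFCX, group MFCGRP, procedure MFCSTC,
//* UID/GID 999999.
//*
//* STC RESTRICT  started-task-only logonid that needs no password
//* SECURITY      the privilege the note above requires for passphrase
//*               reset; it is broad, so scope it with SCPLIST where the
//*               site can, and if the "run as" user is a different
//*               logonid apply it there instead
//* OMVS profiles user UID/HOME/OMVSPGM and group GID
//* GSO STC       maps the procedure name to the logonid (without it
//*               ACF2 expects a logonid equal to the procedure name)
//* LIST          verifies each record that was inserted
//*
//TSO      EXEC PGM=IKJEFT01
//SYSTSPRT DD SYSOUT=*
//SYSTSIN  DD *
  ACF
  SET LID
  INSERT MFCX NAME(MFC STC ID) STC RESTRICT GROUP(MFCGRP) SECURITY
  SET PROFILE(USER) DIV(OMVS)
  INSERT MFCX UID(999999) HOME(/) OMVSPGM(/bin/sh)
  SET PROFILE(GROUP) DIV(OMVS)
  INSERT MFCGRP GID(999999)
  SET CONTROL(GSO)
  INSERT STC.MFC LOGONID(MFCX) STCID(MFCSTC)
  SET LID
  LIST MFCX
  SET PROFILE(USER) DIV(OMVS)
  LIST MFCX
  SET CONTROL(GSO)
  LIST STC.MFC
  END
/*
```

The new GSO STC record does not take effect until it is refreshed from the console with F ACF2,REFRESH(STC). The LIST output for the logonid should show STC, RESTRICT and SECURITY, and the OMVS profile LIST should show the UID, HOME and OMVSPGM values.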