Steps for authorizing users for inquiry access
Before you begin
If you implemented the object store and ICL using VSAM data sets, you need to know the high-level VSAM data set qualifier that is used for the IKYSETUP variable vsamhlq value, in case your installation did not use the PKISRVD default. (See Table 1.)
Procedure
Perform the following steps to add and administer a group that needs authority to query PKI Services information.
- Add the new group.
ADDGROUP HELPDESK OMVS(GID(197312))
- Connect each member to the new group. Repeat for each
user ID you need to connect.
CONNECT OPER17 GROUP(HELPDESK)
- Authorize the new group for READ access to the resources of PKI Services. Replace
your installation's value for the data set's high-level qualifier
if your installation did not use the PKISRVD default.
The SETROPTS commands activate the profiles that authorize READ access.PERMIT 'PKISRVD.**' ID(HELPDESK) ACCESS(READ) PERMIT IRR.RPKISERV.PKIADMIN CLASS(FACILITY) ID(HELPDESK) ACCESS(READ) SETROPTS GENERIC(DATASET) REFRESH SETROPTS RACLIST(FACILITY) REFRESH
- If necessary, you can remove a user from the group. The following
example removes the user that you connected in Step 2.
REMOVE OPER17 GROUP(HELPDESK)
- If necessary, you can delete the group. The following example
deletes the group that you created in Step 1.
DELGROUP(HELPDESK)