z/OS Cryptographic Services PKI Services Guide and Reference
Previous topic | Next topic | Contents | Contact z/OS | Library | PDF


Steps for authorizing users for inquiry access

z/OS Cryptographic Services PKI Services Guide and Reference
SA23-2286-00

Before you begin

If you implemented the object store and ICL using VSAM data sets, you need to know the high-level VSAM data set qualifier used for the IKYSETUP variable vsamhlq value, in case your installation did not use the PKISRVD default. (See Table 1.)

Procedure

Perform the following steps to add and administer a group that needs authority to query PKI Services information.

  1. Add the new group.
    ADDGROUP HELPDESK OMVS(GID(197312))
  2. Connect each member to the new group. Repeat for each user ID you need to connect. 
    CONNECT OPER17 GROUP(HELPDESK)
  3. Authorize the new group for READ access to the resources of PKI Services. Replace your installation's value for the data set's high-level qualifier if your installation did not use the PKISRVD default.
    PERMIT 'PKISRVD.**' ID(HELPDESK) ACCESS(READ)
PERMIT IRR.RPKISERV.PKIADMIN CLASS(FACILITY)
   ID(HELPDESK) ACCESS(READ)
SETROPTS GENERIC(DATASET) REFRESH
SETROPTS RACLIST(FACILITY) REFRESH
    The SETROPTS commands activate the profiles that authorize READ access.
  4. If necessary, you can remove a user from the group. The following example removes the user you connected in Step 2.
    REMOVE OPER17 GROUP(HELPDESK)
  5. If necessary, you can delete the group. The following example deletes the group you created in Step 1.
    DELGROUP(HELPDESK)
Parent topic: Authorizing users for inquiry access

Go to the previous page Go to the next page

Notices | Terms of use | Support | Contact z/OS | zFavorites



Copyright IBM Corporation 1990, 2014