z/OS Cryptographic Services ICSF Administrator's Guide
Previous topic | Next topic | Contents | Index | Contact z/OS | Library | PDF


Setting up profiles in the CSFKEYS general resource class

z/OS Cryptographic Services ICSF Administrator's Guide
SA22-7521-17

To set up profiles in the CSFKEYS general resource class, take these steps:

  1. Define appropriate profiles in the CSFKEYS class: 
        RDEFINE  CSFKEYS label  UACC(NONE)
             other-optional-operands

    where label is the label by which the key is defined in the CKDS or PKDS. Note that if an application uses a token instead of a key label, no authorization checking is done on the use of the key.

    Notes:
    1. If you have ICSF/MVS Version 1 Release 1 profiles that specify key-type.label, you need to change them to specify only label.
    2. As with any RACF profile, if you want to change the profile later, use the RALTER command. To change the access list, use the PERMIT command as described in the next step.
    3. If you have already started ICSF, you need to refresh the in-storage profiles. See Step 3.
    4. You can specify other operands, such as auditing (AUDIT operand), on the RDEFINE or RALTER commands.
    5. If the RACF security administrator has activated generic profile checking for the CSFKEYS class, you can create generic profiles using the generic characters * and %. This is the same as any RACF general resource class.
  2. Give appropriate users (preferably groups) access to the profiles: 
        PERMIT  profile-name  CLASS(CSFKEYS)
            ID(groupid)  ACCESS(READ)
  3. When the profiles are ready to be used, ask the RACF security administrator to activate the CSFKEYS class and refresh the in-storage RACF profiles: 
        SETROPTS  CLASSACT(CSFKEYS)

    SETROPTS RACLIST(CSFKEYS) REFRESH

Go to the previous page Go to the next page

Notices | Terms of use | Support | Contact z/OS | zFavorites



Copyright IBM Corporation 1990, 2014