Language English. Product Menu Topics. Console Operator Commands. Enter the following console commands at an operator console:. Command Syntax.
|Published (Last):||21 June 2018|
|PDF File Size:||5.61 Mb|
|ePub File Size:||4.22 Mb|
|Price:||Free* [*Free Regsitration Required]|
The ACF2 resource adapter is defined in the com. ACF2ResourceAdapter class. The ACF2 resource adapter is a custom adapter. You must perform the following steps to complete the installation process:.
Connection Manager. However, if the toolkit installation is not available, the HOD installation contains the following JAR files that can be used in place of the habeans. This section lists dependencies and limitations related to using the ACF2 resource adapter. TSO sessions do not allow multiple, concurrent connections. Thus, if you create two administrators, two Identity Manager ACF operations can occur at the same time. You should create at least two and preferably three administrators.
If you are running in a clustered environment, you must define an admin for each server in the cluster. This applies even if it is the same admin. For TSO, there must be a different admin for each server in the cluster. If clustering is not being used, the server name should be the same for each row the name of the Identity Manager host machine. Host resource adapters do not enforce maximum connections for an affinity administrator across multiple host resources connecting to the same host.
Instead, the adapter enforces maximum connections for affinity administrators within each host resource. If you have multiple host resources managing the same system, and they are currently configured to use the same administrator accounts, you might have to update those resources to ensure that the same administrator is not trying to perform multiple actions on the resource simultaneously.
The ACF2 adapter requires login and logoff resource actions. The login action negotiates an authenticated session with the mainframe. The logoff action disconnects when that session is no longer required.
See Mainframe Examples for more information about creating login and logoff resource actions. This section provides information about supported connections and privilege requirements. The following table summarizes the provisioning capabilities of this adapter.
The logical or physical input source name or source group name where this logonid last accessed the system. The maximum number of minutes permitted between terminal transactions for this user.
The logonid is automatically activated one minute after midnight on the date contained in this field. This user can generate a dump even when the address space is in an execute-only or path control environment.
The user can display and alter certain fields of other logonids for other users. A user can access the system outside the time period specified in the SHIFT field of the logonid record. A user can use a specified program executed from a specified library to access resources without loggings or validation.
Step-must-complete SMC controls are bypassed; a job is considered noncancelable for the duration of the sensitive VSAM update operation. Checks privilege control resource rules when the user accesses the system to see what additional privileges and authorities the user has. This restricted logonid is for production use and does not require a password for user verification. Specifies that a resource rule must authorize any accesses that a user makes.
The infostorage scope record that restricts accesses for this privileged user. This user is a security administrator who, in the limits of his scope, can create, maintain, and delete access rules, resource rules, and infostorage records. The node where the synchronized logonid for this logonid is found in the Logonid database.
This user can use full bypass label processing BLP when accessing tape data sets. The maximum number of days permitted between password changes before the password expires. If the value is zero, no limit is enforced. The minimum number of days that must elapse before the user can change the password. The number of password violations that occurred since the last successful logon. The logical or physical input source name or source group name where the last invalid password for this logonid was received.
The password for this logonid is halfway-encrypted and can be extracted by an APF-authorized program. These fields can activate extended user authentication EUA for each designated system user.
The shift record that defines when a user is permitted to log on to the system. The logical or physical input source name or source group name where this logonid must access the system. The number of minutes that this user can be idle on the system before idle terminal processing begins.
The type of idle terminal processing to perform when the user exceeds the idle time limit. Indicates that only the listed command and aliases are accepted when using TSO command lists. The name of the TSO command list module that contains the list of the commands that this user is authorized to use.
Use the Identity Manager debug pages to set trace options on the following classes:. Copyright Sun Microsystems, Inc.
All rights reserved. ACF2 : 6. Add the following definitions to the Waveset. Restart your application server so that the modifications to the Waveset.
Note Host resource adapters do not enforce maximum connections for an affinity administrator across multiple host resources connecting to the same host.
Feature Supported? MAINT boolean A user can use a specified program executed from a specified library to access resources without loggings or validation. PRIV-CTL boolean Checks privilege control resource rules when the user accesses the system to see what additional privileges and authorities the user has. SECURITY boolean This user is a security administrator who, in the limits of his scope, can create, maintain, and delete access rules, resource rules, and infostorage records.
STC boolean Only started tasks use this logonid. Import directly from resource Reconciliation. The user name displayed on logging and security violation reports. The number of system accesses made by this logonid since it was created. The logonid is canceled and denied access to the system. The logonid is suspended and denied access to the system. All data references by this user are traced and logged.
The user can insert, delete, and change logonids, as limited by a scope. Dump created when a data set or resource violation occurs. This virtual machine can be autologged without specifying a password. The logonid has the authority to sign on to CICS.
A network job cannot inherit this logonid from its submitter. This user is unauthorized to store or delete rule sets. A user can access all data, even if a rule prohibits this access. The specified APF-authorized program to submit jobs for this logonid.
The logonid has only read access to all data at the site. An access rule must exist for all data this user accesses. Only an APF-authorized program can submit jobs specifying this logonid. This user has limited BLP when accessing tape data sets. The date of the last invalid password attempt. The time when the last invalid password for this logonid was received.
The date and time the password was last changed. The group or project name associated with this user. The high-level index of the data sets that this user owns and can access. A loginid field that holds the default account number for a virtual machine. The total number of security violations for this user. The date and time that this logonid record was last updated. Indicates whether the user has TSO accounting privileges.
The TSO character-delete character for this user. This user can specify an account number at logon time. This user can specify message class at logon time. This user can specify a performance group at logon time. This user can specify the TSO procedure name at logon time.
This user is authorized to specify any region size at logon time. This user can specify the TSO session time limit at logon time. This user can specify the TSO unit name at logon time. Receive mail messages from TSO at logon time.
Creating CA-ACF2 Facility Classes
Setting up CA ACF2