IOFTech    Maintenance   Release8G       Newsletters    Doc    FAQ    Contacts    Home    Webmaster

IOF Problem Resolution
Problem C10
Previous Next
Description Users are REFUSED when they select the ENC or PS options
 
BACKGROUND Release 8 introduced the ENCLAVES and PROCESS panels. To control access to these panels, three new resource types were defines:

      ENCLAVES - to control access to enclaves
      PROCESS  - to control access to UNIX processes
      THREADS  - to control access to process threads
                 (THREADS access is inherited from PROCESS
                  so normally is not required)

The MPI install process added ENCLAVES and PROCESS resources to the B21ACESS option.

ALLOW macros are required in the B23ALLOW option in order to grant access to these recources.


 

SOLUTION First, check B21ACESS to insure that the ENCLAVES and PROCESS resources have been added to all access tables (ACCTABLE macro).

Started tasks and members of the OPERATOR group most likely can use the ENC and PS commands because of parms in the A60ACF option.

Permit users in the SPGMR IOF group to browse and manage all ENCLAVES.

ALLOW 4,4,ENCLAVES,*,GROUP=SPGMR

Permit allow users to see ENCLAVES but not manage them.

ALLOW 1,0,ENCLAVES,*,ID=*

Permit users in the SPGMR IOF group full access to UNIX processes and process threads

ALLOW 4,4,PROCESS,*,GROUP=SPGMR

Permit all users full access to UNIX processes they own.

ALLOW 4,4,PROCESS,OWNER,'/U',ID=*

Note:
The IBM defined SAF rules for enclaves and processes can also be used to control these resources with the security system.
 
More Help Click here to EMAIL a problem report to IOF Technical Support for additional assistance.

 

Previous Next

Triangle Systems, Inc. PO Box 12752, Research Triangle Park, NC 27709
(919) 544-0090

IOFTech    Maintenance   Release8G       Newsletters    Doc    FAQ    Contacts    Home    Webmaster

Monday, 25-Jan-2016 13:45:22 EST
[an error occurred while processing this directive]

@@