Setting basic access control functions

Business Continuity Manager Installation Guide

Version
9.8.7
File Size
1.1 MB
Audience
anonymous
Part Number
MK-95HC104-41

Business Continuity Manager controls access regarding the CLI commands, YKAGENTD (Business Continuity Manager agent), and YKBTSCAN (local batch scanning) as a basic access control function. Therefore, to use these commands and functionality, you must set up the RACF. Users can use these functions once profiles have been defined for the RACF FACILITY class, and once READ permissions for these profiles have been set to the users' accounts.

For details about the extended access control function, see the Hitachi Business Continuity Manager User Guide.

The following table lists the correspondence between profiles defined in the FACILITY class and available functions.

Table. Correspondence between profiles defined in the FACILITY class and available functions

Profile defined for the FACILITY class

Available functions

STGADMIN.YKA.BCM.COMMANDS

(Operation profiles)

YKAGENTD

YKBLDCMD command

YKBLDPTH command

YKBLDRMT command

YKBTSCAN

YKDELCMD command

YKDELETE command

YKDELPTH command

YKDELRMT command

YKDEXCTG command

YKEWAIT command

YKFCSTAT command

YKFREEZE command

YKH2B command

YKMAKE command

YKQEXCTG command

YKQHPATH command

YKQRYDEV command

YKQRYPTH command

YKQUERY command

YKRECVER command

YKRESYNC command

YKRUN command

YKSCAN command

YKSTATS command

YKSUSPND command

YKWATCH command

STGADMIN.YKA.BCM.YKQUERY

(Reference profiles)

YKAGENTD

YKBTSCAN

YKDSPRMT command

YKEWAIT command

YKFCSTAT command

YKH2B command

YKQEXCTG command

YKQHPATH command

YKQRYDEV command

YKQRYPTH command

YKQUERY command

YKSCAN command

YKSTATS command

YKWATCH command

Depending on the parameter specified for the YKFENCE command, you must define the following ANTRQST macro profiles in the FACILITY class.

  • For the YKFENCE command with the SOFTFENCE or SOFTUNFENCE parameter specified

    • STGADMIN.ANT.PPRC.COMMANDS

    • STGADMIN.ANT.PPRC.FENCE

  • For the YKFENCE command with the QUERY parameter specified

    • STGADMIN.ANT.PPRC.CQUERY

Note: A user can use commands other than those in the preceding table, even if the user has not been assigned READ permissions for these profiles.
Note: Use profiles to restrict access to the following commands. Unrestricted access to these commands could have an adverse affect on recovery operations at a remote site.
  • YKBLDCMD

  • YKBLDPTH

  • YKDELCMD

  • YKDELETE

  • YKDELPTH

  • YKDEXCTG

  • YKFREEZE

  • YKMAKE

  • YKRECVER

  • YKRESYNC

  • YKRUN

  • YKSUSPND

For details on how to set the READ permissions for the profiles to the user, see Procedure for setting the READ permission for the RACF profile to the user.

The CLI commands in the following table issue other CLI commands internally. As such, to execute one of the CLI commands in this table, you must have permission to reference the profile of the internally issued CLI command as well. The CLI commands for which YKLOAD(GROUP) is listed as an internally issued command in the following table internally issue the YKLOAD command with the GROUP parameter specified. For this reason, if you are using the access protection function for copy groups, you must have permission to reference the profile of the copy group to be loaded. For details about the profiles of copy groups, see Table 1.

CLI command

Internally issued CLI command

YKBLDRMT YKLOAD(ROUTE),YKBLDCMD,YKQRYDEV
YKDEFGRP YKLOAD(GROUP),YKSTORE
YKDEFRMT YKLOAD(ROUTE),YKSTORE
YKDELCNF YKLOAD(ROUTE)
YKDELRMT YKLOAD(ROUTE),YKDELCMD
YKDSPGRP YKLOAD(GROUP)
YKDSPRMT YKLOAD(GROUP),YKQRYDEV