Setting security when the extended access control function is installed

Business Continuity Manager Installation Guide

Version
9.8.7
File Size
1.1 MB
Audience
anonymous
Part Number
MK-95HC104-41

Profiles to be defined to the FACILITY class used by the extended access control function

When the extended access control function (copy group access control function, specific command access control function, and the REVERSE RESYNC protection function) is installed in Installing Business Continuity Manager with SMP/E, you need to set the access control (RACF settings). After defining the profile to the RACF FACILITY class, set the READ permission for that profile to the user.

This section describes about the profile types to be defined in the FACILITY class and how to set the READ permission for the profile. For details on which profile's READ permissions to set for each user, see "Extended access control functions" in the Hitachi Business Continuity Manager User Guide.

The following table shows the profiles to be defined in the FACILITY class used by the extended access control functions:

Table. Profiles to be defined in the FACILITY class used by the extended access control functions

Extended access control function

Profiles to be defined to the FACILITY class

Copy group access control function

STGADMIN.YKA.BCM.PFX.prefix

(prefix profile)

STGADMIN.YKA.BCM.CGTYPE.copy-type

(copy type profile)

STGADMIN.YKA.BCM.CGNAME.copy-group-ID

(copy group profile)

Specific command access control function

STGADMIN.YKA.BCM.CLI.YKDELETE

(YKDELETE command profile)

STGADMIN.YKA.BCM.CLI.YKMAKE

(YKMAKE command profile)

STGADMIN.YKA.BCM.CLI.YKRECVER

(YKRECVER command profile)

STGADMIN.YKA.BCM.CLI.YKQRYDEV

(YKQRYDEV command profile)

STGADMIN.YKA.BCM.CGTYPE.copy-type

(copy type profile)

REVERSE RESYNC protection function

STGADMIN.YKA.BCM.COMMANDS.REGRSYNC#

(The profile of the function that prevents users to whom permission is not granted in this profile from performing resynchronization that transfers data in a direction that is the reverse of the current copy direction)

STGADMIN.YKA.BCM.COMMANDS.REGRSYNC.ONL

(The profile of the function that prevents users to whom permission is not granted in this profile from performing resynchronization that transfers data in a direction that is the reverse of the current copy direction of a copy pair while in an online state)

Legend:
prefix: Configuration file prefix
copy-type: SI, TC, or UR
copy-group-ID: Copy group ID
#
REGRSYNC (REGressive ReSYNC) means that data that should not be overwritten (such as data that is being accessed from the current host -or active data-) by reversing resynchronization. For details on the REVERSE RESYNC protection function that uses this profile, see "REVERSE RESYNC protection function" in the Hitachi Business Continuity Manager User Guide.
Tip: Generic names can be used for profile names.

For example, you can use a generic name such as STGADMIN.YKA.BCM.CGNAME.GRP* when specifying access permissions to copy group ID GRP01 to GRP09.

Procedure for setting the READ permission for the profile to the user

For details on how to set the READ permission for the profile to the user, see Procedure for setting the READ permission for the RACF profile to the user.