Control-M z/OS Security calls

Everything about Control-M Server for z/OS installation or setup.
Post Reply
User avatar
Posts: 3
Joined: 24 Sep 2007 12:00
Location: Pavia

Control-M z/OS Security calls

Post by mpmc01 » 31 Mar 2009 11:49

Hi, I'm tring to activate the security calls on a Control-M v6.20 on z/OS. I created in Racf the new facility (ex. 'SSCTMPNL3.xxxx') but notting happens. Can anyone send me some example for this issue.. :(
Thanks in advance

User avatar
Posts: 1
Joined: 07 Apr 2009 12:00
Location: Munich

Post by Leila » 07 Apr 2009 5:05

Hello Marco,

if the userid is supposed to have access to the IOA Online Facility (ISPF)
then it needs the following access:

UPDATE on IOA LOG data set
UPDATE on IOA PROF data set
READ on all other IOA data sets

To look at the Active Jobs File ("panel 3") then you need

READ on FACILITY $$CTMPNL3.<environment>
READ on CTM CKP data set

Then for any other action you want to do (add condition etc.) there is yet other access to be given. You need to think about a policy and what types of users you have, f.ex. read-only users, operators, admins, and what actions in Control-M they would need access to.
Then for each type create a RACF group and give that group the access.
Individual users are then connected to the group. This way when people come and go or move to other teams the access is easily granted, changed or removed.

Another thing to be aware of is the different security modes. Basic Definition Mode, Extended Definition Mode and Conditional Definition Mode.
Basic Mode is like all or nothing (once you have access to it at all, you can do everything) and Extended is more granular where you can allow or deny certain things.
Conditional means you can use both, and choose what you need on a per user basis. Then you need a FACILITY $$IOAEDM.qname or $$CTxEDM.qname profile. If a user has READ access to that, Extended Mode applies.

Best regards

User avatar
Posts: 11
Joined: 18 May 2008 12:00
Location: Mexico, D. F.

Security (RACF) for products INCONTROL

Post by siipryasa » 23 Apr 2009 2:17

Hello Marco,

You has define what is the level of security, if you define SECURITY EXTEND you has define all facility, in the manual security that all you has to do.

For example $$IOAEDM.*

You can easy this with the IOAICE


Post Reply