The following steps assume that you have not yet defined any security rules for CICS® Configuration Manager, and that the CICS Configuration Manager system option for API command security checking is inactive. (Security checking is inactive by default. To check whether it is active or inactive, go to CICS Configuration Manager primary menu option 1.1 System Options.)
If you are already using CICS Configuration Manager with security checking, then ignore any of the steps below that you have already performed.
These steps specify CICS Configuration Manager general resource profiles with a prefix of CCVAPI. Feel free to specify a different prefix.
In RACF®:
CCVAPI.**
Give this profile a universal access authority (UACC) of READ.
This profile is for temporary use, until you define a more specific set of security rules for restricting access to API commands. For now, this profile allows you to activate security checking in CICS Configuration Manager, and then continue to perform API commands as if security checking were still inactive, except those API commands for which there are more specific profiles. We are about to define some specific profiles for Approve and Disapprove API commands.
CCVAPI.APP.TOURDT.PROJMAN
CCVAPI.DIS.TOURDT.PROJMAN
CCVAPI.APP.TOURDT.QATEAM
CCVAPI.DIS.TOURDT.QATEAM
CCVAPI.APP.TOURDT.APPDEV
CCVAPI.DIS.TOURDT.APPDEV
Give these profiles a UACC of NONE.
In the steps that follow, you will test these new security rules. There are several ways to do this. To perform the testing yourself, consider temporarily adding your own user ID to each of the three group profiles, so that you can represent all three approver roles without logging on under different user IDs.
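The following added example (not part of the original documentation, and not RACF itself) models how the temporary CCVAPI.** profile and the six specific profiles combine once security checking is active. It assumes that READ access is what an API command requires, that each specific profile's access list grants READ to a group named after its last qualifier, and that `CCVAPI.XXX.EXAMPLE` and the `OTHER` role are constructed resource names.

```python
# Simplified model of profile selection and access decision.
LEVELS = {"NONE": 0, "READ": 1}

# profile name -> (UACC, access list). UACC values come from the steps above;
# the access-list entries are assumptions made for this example.
PROFILES = {"CCVAPI.**": ("READ", {})}
for role in ("PROJMAN", "QATEAM", "APPDEV"):
    for cmd in ("APP", "DIS"):
        PROFILES[f"CCVAPI.{cmd}.TOURDT.{role}"] = ("NONE", {role: "READ"})


def covering_profile(resource, profiles=PROFILES):
    """Return the most specific profile that protects a resource name."""
    if resource in profiles:              # exact name beats any generic
        return resource
    generics = [p for p in profiles if p.endswith(".**")
                and (resource == p[:-3] or resource.startswith(p[:-2]))]
    return max(generics, key=len, default=None)


def check(resource, groups, want="READ", profiles=PROFILES):
    """Return (allowed, profile used) for a user connected to `groups`."""
    name = covering_profile(resource, profiles)
    if name is None:
        return False, None                # no profile: this model denies
    uacc, acl = profiles[name]
    granted = [acl[g] for g in groups if g in acl]
    # An access-list entry takes precedence over UACC.
    level = max(granted, key=LEVELS.get) if granted else uacc
    return LEVELS[level] >= LEVELS[want], name


if __name__ == "__main__":
    cases = [
        ("CCVAPI.APP.TOURDT.QATEAM", ["QATEAM"]),  # approver in the right group
        ("CCVAPI.APP.TOURDT.QATEAM", ["APPDEV"]),  # wrong group, UACC NONE applies
        ("CCVAPI.XXX.EXAMPLE", []),                # constructed: any other command
        ("CCVAPI.APP.TOURDT.OTHER", []),           # constructed: role with no profile
    ]
    for resource, groups in cases:
        allowed, used = check(resource, groups)
        print(f"{resource:28} groups={groups!s:12} "
              f"{'ALLOW' if allowed else 'DENY'} via {used}")
```

The last case shows why CCVAPI.** is for temporary use only: an Approve or Disapprove resource that has no specific profile falls through to the catch-all and is permitted to everyone.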