Using the RACF EJBROLE generator utility

The RACF EJBROLE generator utility (dfhreg) is a Java™ application program that extracts security role information from deployment descriptors, and generates a REXX program which can be used to define security roles to RACF .

The REXX program that dfhreg generates contains the RACF commands that define security roles as members of a profile in the GEJBROLE class. Before you run the REXX program, you will need to modify it, in order to change the name of the profile that is defined.

The dfhreg invocation scripts for USS (dfhreg) and for Windows (dfhreg.bat) are in the CICS_DIRECTORY/lib/security directory. The implementation of dfhreg (dfhreg.jar) is also in this directory. The other JAR files required to run dfhreg (dfjcsi.jar, dfjejbdd.jar, and dfjorb.jar) are in the CICS_DIRECTORY/lib directory. CICS_DIRECTORY is the HFS directory in which you have installed the USS components of CICS.

You can execute dfhreg on any platform that supports Java; however, you must execute the resulting REXX program against the RACF database on the z/OS® system where you wish to define the security roles. When you run dfhreg:
  1. Your classpath must contain:
    dfhreg.jar
    dfjcsi.jar
    dfjejbdd.jar
    dfjorb.jar
  2. You must be using a 1.4 or later version of the Java 2 SDK.

The REXX program which the utility generates is in the code page of the platform where the utility executes. If you run the utility on a platform that uses an ASCII code page, you must convert the REXX program to the EBCDIC code page used on the target z/OS system.