Sasan, SailPoint IIQ can be customized to issue the IDCAMS DEFINE ALIAS and the IDCAMS DELETE ALIAS commands.
The "CTSxxxxx" STCs will need to have the requisite "READ" access to resource ID "STGADMIN.IGG.DEFDEL.UALIAS" in resource class ID "FACILITY". John P. Baker -----Original Message----- From: IBM Mainframe Discussion List <[email protected]> On Behalf Of Sasan Mirkhani Sent: Wednesday, May 22, 2019 2:03 PM To: [email protected] Subject: Re: [E!] Re: Automatic Alias Creation That's actually what we've been doing for a long time. Our Sec admins use ISPF interface to make all RACF/TSO definitions. We will soon be using a new product to provision RACF IDs called Sailpoint IIQ. IIQ uses LDAP Server to provision RACF IDs and that will most likely be done by Helpdesk or other users who have little knowledge of RACF and TSO. We have to figure out a way to automate the ALIAS creation process when a RACF ID with TSO segment is defined but I'm not sure how we can do that yet. -----Original Message----- From: IBM Mainframe Discussion List <[email protected]> On Behalf Of Carmen Vitullo Sent: May-22-19 1:56 PM To: [email protected] Subject: [E!] Re: Automatic Alias Creation who is responsible for setting up the ID's? most places I've been its the security team that creates the ID' provides the access to resources and creates the alias's, that can be, and have been streamlined in a lot of places I worked, the SECADMIN's only need to run a REXX or CLIST, provide the ID to get started and that script creates all the required security, and creates the ALIAS for the ID Carmen Vitullo ----- Original Message ----- From: "Sasan Mirkhani" <[email protected]> To: [email protected] Sent: Wednesday, May 22, 2019 12:41:13 PM Subject: Automatic Alias Creation Hi list, We're currently provisioning RACF IDs using the Tivoli Directory Server (LDAP SDBM backend). For IDs that are defined with TSO segment we need to figure out a way to automatically create an ALIAS. What would be the best way to go about this? I've thought about doing it in our LOGON PROC, however that would require users to have UPDATE access to the master catalog which we would like to avoid. How else can we go about this? Thanks ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN
