Table of Contents

Search

  1. Preface
  2. Introduction to PowerExchange
  3. DBMOVER Configuration File
  4. Netport Jobs
  5. PowerExchange Message Logs and Destination Overrides
  6. SMF Statistics Logging and Reporting
  7. PowerExchange Security
  8. Secure Sockets Layer Support
  9. PowerExchange Alternative Network Security
  10. PowerExchange Nonrelational SQL
  11. PowerExchange Globalization
  12. Using the PowerExchange ODBC Drivers
  13. PowerExchange Datatypes and Conversion Matrix
  14. DTL__CAPXTIMESTAMP Time Stamps
  15. PowerExchange Glossary

RACF Class Security for Capture Registrations and Extractions Maps

RACF Class Security for Capture Registrations and Extractions Maps

PowerExchange checks PowerExchange-specific resource profiles to determine access to capture registrations and extraction maps.
To enable RACF class security checking, specify 2 in the first parameter of SECURITY statement in the DBMOVER configuration file and create and grant users the appropriate level of access to resource profiles.
PowerExchange uses the MVS System Authorization Facility (SAF) interface to check the following resource profiles:
  • CAPX.REG.* resource profiles control access to capture registrations, including the ability to add and edit capture registrations.
  • CAPX.CND.* resource profiles control the extraction of the data, but not the ability to add, edit, and delete extraction maps.
By default, PowerExchange checks CAPX.REG.* and CAPX.CND.* resource profiles in the FACILITY class. Use the RACF_CLASS parameter in the DBMOVER configuration file to specify a different class for checking security profiles. If you specify a different class, you must define it in RACF or another security product by using resource name with maximum length of 8 bytes.
Control access to capture registrations and extraction maps at the RACF class level, as follows:
  • To authorize users to view capture registrations, specify 2 in the first parameter of the SECURITY statement and create and grant users READ access to
    CAPX.REG.*
    resource profiles.
  • To authorize users to add, edit, or delete capture registrations, specify 2 in the first parameter of the SECURITY statement and create and grant users UPDATE access to
    CAPX.REG.*
    resource profiles.
  • To authorize users to extract change data, specify 2 in the first parameter of the SECURITY statement and create and grant users READ access to
    CAPX.CND.*
    resource profiles.
  • To authorize users to add, edit, or delete extraction maps, specify 2 in the first parameter of the SECURITY statement and create and grant users READ access to
    CAPX.REG.*
    resource profiles.
If you specify 2 in the first parameter of SECURITY statement, you must create resource profiles for capture registrations and extraction maps. Otherwise, PowerExchange denies access to these resources.