Mainframe Connector for CA-ACF2 now supports managing permissions for accounts and groups when configured with IdentityIQ and/or IdentityNow.
All permissions are taken from CA-ACF2 rules.
Authorization: Bearer token
Content-Type: application/json-patch+json
[
{
"op": "replace",
"path": "/connectorAttributes/splAceAttributes",
"value": {
"ALLOC": "false",
"ACTIVE": "false",
"LIB": "false",
"FOR": "false",
"VERIFY": "false",
"RECCHECK": "false",
"UNTIL": "false",
"DDN": "false",
"NEXTKEY": "false",
"WRITE": "false",
"READ": "false",
"EXEC": "false",
"SHIFT": "false",
"UID": "false",
"VOL": "false",
"DATA": "false",
"PGM": "false",
"SOURCE": "false",
"SERVICE": "true",
"ACCESS": "false",
"RESMASK": "false"
}
}
]
For more information on IdentityNow REST API, refer the following documents:
To enable the functionality to manage permissions for ACF2 application, perform the following steps:
Set REFRESH_GDB parameter of RSSPARM to Y.
Following are the new messages introduced by this fix:
When REFRESH_GDB is set to Y in RSSPARM, the groups are defined based on CA-ACF2 rules. In this case, there is no need to add or define new groups manually.
System Action: The Add Group request is denied.
User Response: Do not try to add new groups manually from IdentityNow.
This is an informative message that this account does not have any permissions in CA-ACF2 rules.
System Action: Processing continues.
User Response: CA-ACF2 administrator must verify if this account is required or must be deleted.
Permissions will not be returned for the user (for Sync User request) or all users (for Account Aggregation). The reason can be found in accompanying messages in STDMSG, SYSPRINT of JOBLOG.
System Action: Processing continues.
User Response: Check the accompanying messages in STDMSG, SYSPRINT of JOBLOG and perform accordingly.
Several permissions ignored. There is not enough space in the permissions area for all the permissions of the userid. <type> is the permission type: Direct / Indirect.
System Action: Not all permissions for this userid are returned. Processing continues.
User Response: None