Ensure that the IWM4HLTH service is used properly
Description
As of z/OS® V2R2, the minimum authorization requirements for callers of the Workload Management service, IWM4HLTH (setting the server health indicator), are changed. Problem state with any PSW key is sufficient only for setting the health indicator for the home address space of the calling application.
- Supervisor state
- Program key mask (PKM) with at least one of the keys 0 - 7
- UPDATE authority to the resource IWM.SERVER.HEALTH in the FACILITY class.
- Runtime Diagnostics creates a diagnostic event for each address space with a server health value less than 100, regardless of the reason. Events that are created for reasons other than server health might be considered as false events by the user of Runtime Diagnostics.
- Predictive Failure Analysis (PFA) issues exceptions for Runtime Diagnostics events that are received for server health values less than 100. PFA exceptions that are issued for these events might be considered as false positive exceptions by the user of PFA.
Table 1 provides more details about this migration action. Use this information to plan your changes to the system.
Element or feature: | BCP. |
---|---|
When change was introduced: | z/OS V2R2, z/OS V2R1, and z/OS V1R13, all with APAR OA46280. |
Applies to migration from: | z/OS V2R1 and z/OS V1R13, both without APAR OA46280. |
Timing: | Before the first IPL of z/OS V2R2. |
Is the migration action required? | Yes, if you have
|
Target system hardware requirements: | None. |
Target system software requirements: | None. |
Other system (coexistence or fallback) requirements: | None. |
Restrictions: | None. |
System impacts: | None. |
Related IBM® Health Checker for z/OS check: | None. |
Steps to take
ICH408I USER(user) IWM.SERVER.HEALTH CL(FACILITY)
WARNING: INSUFFICIENT AUTHORITY - TEMPORARY ACCESS ALLOWED
- Change the program so that it no longer calls the IWM4HLTH service or no longer runs the program.
- Change the caller authorization to supervisor state or PKM, with at least one of the keys 0-7.
- Give the user ID associated with the program UPDATE authority to the resource profile IWM.SERVER.HEALTH or an appropriate generic profile when generic profile checking is active.
After the necessary steps are taken, modify the resource profile and specify NOWARNING. Or, if there are no unauthorized callers of the IWM4HLTH service, delete the profile.
Also, ensure that callers of the IWM4HLTH service do not set health values of less than 100 for reasons other than server health.
Reference information
For more information, For more information, see z/OS MVS Programming: Workload Management Services.