Setting up the PKI Services daemon user ID

Create the daemon user ID (by default, PKISRVD) using the RACF® ADDUSER TSO command. Give it an OMVS segment because it needs access to z/OS® UNIX.

If you implement the object store and issued certificate list (ICL) using VSAM data sets, this user ID also needs update access to the VSAM data sets identified in the ObjectStore section of the pkiserv.conf file. If necessary, use the RACF ADDSD and PERMIT TSO commands to give this user ID UPDATE access to the VSAM data sets.

If you implement the object store and ICL using DB2® tables, this user ID also needs access to the Resource Recovery Services Access Facility (RRSAF). If necessary, use the RACF RDEFINE and PERMIT commands to define the profile for RRSAF in the DSNR class and give this user ID READ access.

Guideline: Define the daemon user ID with the NOPASSWORD attribute.
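
The commands named above can be issued together from a REXX exec. The following is an added example, not IBM's own setup exec: the UID, home directory, data set profile and DB2 subsystem name are placeholders, and UACC(NONE) on the new profiles is an assumption chosen so that only explicitly permitted IDs get access.

```rexx
/* REXX - added example: define the PKI Services daemon user ID and   */
/* grant only the access its object store and ICL back end requires.  */
/* Every value marked "placeholder" is an assumption; replace it.     */
daemon    = 'PKISRVD'              /* default daemon user ID           */
uid       = 'UID-PLACEHOLDER'      /* placeholder: OMVS UID            */
home      = '/HOME-PLACEHOLDER'    /* placeholder: z/OS UNIX home dir  */
store     = 'VSAM'                 /* 'VSAM' or 'DB2'                  */
vsam_prof = 'HLQ-PLACEHOLDER.**'   /* placeholder: profile covering    */
                                   /* the ObjectStore data sets named  */
                                   /* in pkiserv.conf                  */
db2_ssid  = 'SSID-PLACEHOLDER'     /* placeholder: DB2 subsystem name  */

/* Daemon ID: OMVS segment for z/OS UNIX access, NOPASSWORD per the   */
/* guideline so nobody can log on with this ID using a password.      */
n = 1
cmd.n = "ADDUSER" daemon "NOPASSWORD",
        "OMVS(UID("uid") HOME('"home"') PROGRAM('/bin/sh'))"

if store = 'VSAM' then do
  /* UPDATE access to the VSAM object store and ICL data sets */
  n = n + 1; cmd.n = "ADDSD '"vsam_prof"' UACC(NONE)"
  n = n + 1; cmd.n = "PERMIT '"vsam_prof"' ID("daemon") ACCESS(UPDATE)"
end
else do
  /* READ access to the RRSAF profile (subsystem.RRSAF) in class DSNR */
  rrsaf = db2_ssid".RRSAF"
  n = n + 1; cmd.n = "RDEFINE DSNR ("rrsaf") UACC(NONE)"
  n = n + 1; cmd.n = "PERMIT" rrsaf "CLASS(DSNR) ID("daemon") ACCESS(READ)"
  /* If DSNR is RACLISTed at your site, follow with                   */
  /* SETROPTS RACLIST(DSNR) REFRESH so the change takes effect.       */
end

/* Issue each command and stop at the first nonzero return code (for  */
/* example, a user ID or profile that already exists) so the current  */
/* definition can be reviewed before anything else is changed.        */
do i = 1 to n
  say cmd.i
  address tso cmd.i
  if rc <> 0 then do
    say 'Command failed, RC='rc
    exit rc
  end
end
exit 0
```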

To associate this user ID with the PKI Services started procedure, use the following RACF TSO commands:
RDEFINE  STARTED PKISERVD.* STDATA(USER(PKISRVD)) 
SETROPTS CLASSACT(STARTED) RACLIST(STARTED) 
SETROPTS RACLIST(STARTED) REFRESH