RACF considerations for FPO
If you are planning to use security validation, such as those provided by RACF®, you need to activate the security function.
Before any FPO processing is run, RACF verifies that the user ID of the IFP utility is authorized to class IMSTxxx to run the required function, where xxx can be OPC, ODE, OAE, or ODM. For OER, if you are planning to use security validation when the Area Sensor or OPC is used, specify OPC for xxx. If validation fails, processing ends.
RACROUTE REQUEST=AUTH,APPL='FPX',ATTR=READ,
CLASS='IMSTxxx',ENTITYX='imsid.dbname.areaname'
To activate security, you need to run two tasks: activate CLASS IMSTxxx and set up the appropriate RACF permit list.
If RACF is being used, a system IPL is required to activate the updated class descriptor table.
The following figure is an example of the class descriptor entries, which must be added to the class descriptor table maintained by the RACF ICHERCDE utility.
The following figure shows an example provided to help you in setting up your RACF permit list for an FPO utility.
Remember, if you update the class descriptor table, you must IPL the system to activate it.