z/OS MVS Programming: Callable Services for High-Level Languages
Previous topic | Next topic | Contents | Contact z/OS | Library | PDF


Authority to the particular resource

z/OS MVS Programming: Callable Services for High-Level Languages
SA23-1377-02

A BCPii application needs to have authority to the particular resource that it is trying to access. That particular resource can be the CPC itself, an image (LPAR) on a particular CPC, or a particular capacity record on a particular CPC. BCPii needs a profile defined in the FACILITY resource class that represents the target of the particular BCPii request. The profile name required to be defined depends on the type of the particular resource required.
Request Type FACILITY Class Profile Required
CPC HWI.TARGET.netid.nau where netid.nau represents the 3– to 17–character SNA name of the particular CPC.
Image HWI.TARGET.netid.nau.imagename where netid.nau represents the 3– to 17–character SNA name of the particular CPC and imagename represents the 1– to 8-character LPAR name.
Capacity record HWI.CAPREC.netid.nau.caprec where netid.nau represents the 3– to 17–character SNA name of the particular CPC and caprec represents an 8–character capacity record name.
Activation profiles HWI.TARGET.netid.nau where netid.nau represents the 3– to 17–character SNA name of the particular CPC the activation profile is defined.
User-defined image groups HWI.TARGET.netid.nau where netid.nau represents the 3– to 17–character SNA name of the particular CPC the user-defined image group is defined.
Note: For compatibility with security products, BCPii automatically transforms the following names to all uppercase characters: CPC names (including the local CPC name represented by '*'), image names, and capacity record names specified on the HWICONN service.
The access level required for the particular profile depends on the service that the BCPii application attempts to issue. See the BCPii API documentation in this chapter for specifics regarding the minimum access level required for each BCPii API service. The RACF syntax is as follows: 
RDEFINE FACILITY HWI.TARGET.netid.nau UACC(NONE) APPLDATA('uppercasecommunityname’)
PERMIT HWI.TARGET.netid.nau CLASS(FACILITY) ID(userid) ACCESS(READ)
SETROPTS RACLIST(FACILITY) REFRESH
where netid.nau represents the 3 to 17 character SNA name of the CPC.
This RACF example allows user JOE to have Connect, Event, List, and Query access to CPC NET1.CPC001, using community name XYZ123. See Community name defined in the security product for each CPC for more details.
RDEFINE FACILITY HWI.TARGET.NET1.CPC001 UACC(NONE) APPLDATA(‘XYZ123’)
PERMIT HWI.TARGET.NET1.CPC001 CLASS(FACILITY) ID(JOE) ACCESS(READ)
SETROPTS RACLIST(FACILITY) REFRESH
This RACF example grants user JOE with Command, Connect, Event, List, Query, and Set access to any image (LPAR) on NET1.CPC001:
RDEFINE FACILITY HWI.TARGET.NET1.CPC001.* UACC(NONE)
PERMIT HWI.TARGET.NET1.CPC001.* CLASS(FACILITY) ID(JOE) ACCESS(ALTER)
SETROPTS RACLIST(FACILITY) REFRESH
Parent topic: Setting up authority to use BCPii

Go to the previous page Go to the next page

Notices | Terms of use | Support | Contact z/OS | zFavorites



Copyright IBM Corporation 1990, 2014