Controlling User Access to TP Profiles and Side Information on MVS

On MVS, side information and TP profiles contain routing and scheduling information that MVS uses to find and initiate TPs in response to allocate requests from other TPs. These TP profiles are distinct from RACF® profiles.

APPC/MVS administrators on MVS must create the TP profiles and side information before users can invoke the TPs named in the TP profiles and side information. Special security mechanisms let you control access to side information and TP profiles on MVS. By controlling access to TP profiles on MVS, you control access to the TPs themselves. Figure 1 shows the role of side information and TP profiles in establishing conversations.

To illustrate the use of side information on MVS, Figure 1 shows TPA on an z/OS system. In this case, TPA uses a symbolic destination name (SYMDES1) to identify the inbound TP, and APPC/MVS checks the side information file to determine the actual names of the inbound TP and LU. Figure 1 also shows a TP profile for TPB. The TP profile contains scheduling information that MVS uses to initiate TPB.

Figure 1. TP Profiles and Side Information
TP Profiles and Side Information
APPC administrators create and maintain TP profiles and side information by using the APPC/MVS administration utility (ATBSDFMU), or the APPC/MVS administration dialog (an interactive front-end to ATBSDFMU). The TP profiles and side information entries are stored in VSAM key-sequenced data sets (KSDS). To protect a KSDS and its individual entries, do the following:
  • Define a data set profile for the KSDS with UACC(NONE), then give ATBSDFMU program access to the RACF profile
  • Use the APPC/MVS administration utility or dialog to create database security tokens (database tokens) to associate with the data set
  • Create RACF profiles in the APPCTP and APPCSI classes to control access to individual entries (TP profiles and side information entries) in each KSDS.
Parent topic: Conversation Security: Protecting APPC/MVS TPs