Establishing a Security Environment for Inbound TPs on MVS

When an inbound allocate request for a TP on MVS has a security type of SAME or PGM and includes a user ID that is defined to RACF®, APPC/MVS automatically uses the RACF user profile for that ID to create the security environment for the TP to run in. The TP can then access any data or resources that the user is allowed to access. The RACF profile can also provide individualized SYSOUT and accounting information for the TP to use. If there is no RACF profile available for the user ID, the inbound allocate request is rejected.

Figure 1 shows how APPC/MVS uses the RACF profile to establish a security environment when allocate requests include a user ID for which there is a RACF user profile on MVS.

Figure 1. Setting Security Environment from the RACF Profile
Setting Security Environment from the RACF Profile

For all inbound TPs on MVS, the security administrator must ensure that a RACF user profile exists for each user ID that the outbound TP might pass on the allocate request. If the outbound TP also passes a security profile name, the security administrator must also:

  1. Create a RACF group with that name
  2. Connect the user to the group.

When an inbound TP on MVS is allocated with a security type of NONE, the inbound TP runs without a user ID and can only access resources that are available with universal access.

Parent topic: Conversation Security: Protecting APPC/MVS TPs