Server security

Server startup requirement

RSE API servers verify that they are started as started tasks. This allows you to use the standard security profiles for operator commands to ensure only authorized users can start them. If access to console commands is restricted, the user requires console access and the UPDATE permission to profile MVS.START.STC.mbrname.** in the OPERCMDS class.

For more information on operator command protection, see Security Server RACF® Security Administrator's Guide (SA22-7683).

A server can also be started as a batch job if the user ID used to run the server has explicit permission to the related profile documented in table 1.

Table 1. Server batch startup profile
Server	Default class	Profile	Permission
RSE API server	`FACILITY`	`HUH.START.BATCH.jobname.port`	READ

Table 2. Substitution
Name	Substitution
jobname	Name of the job
port	Server port number

Note: RSE API servers assume a user has no access authorization when the security software indicates that it cannot determine whether the user is authorized to a profile. An example of this is when the profile is not defined.

Administrator API requirement

The RSE API Administrator API provides helpful methods for server operation, such as updating user and server log level dynamically. Users must be granted proper permission to use this API. The RSE API server verifies that users have read permission to the RSEAPI admin profile HUH.API.ADMIN.CMD to allow them to run an Administrator API command.

Note: The cancelActivity does not require the admin profile read permission.