Security requirements for collecting IMS logs from OLDS

If you collect IMS log records from IMS online log data sets (OLDS), the user ID that is associated with the System Data Engine started task (HBOIMS by default) must be granted with the necessary authorities.

About this task

The following information further describes the required authorities:
Authority to read the RECON data sets and Online Log data sets (OLDS)
For example, if you are using the RACF® as your System Authorization Facility (SAF) product, you must give the System Data Engine user ID read authority to the profiles for the IMS RECON and online log data sets.
PERMIT hlq.RECON* CLASS(DATASET) ACCESS(READ) ID(userid) 
PERMIT hlq.OLP* CLASS(DATASET) ACCESS(READ) ID(userid) 
hlq is the high-level qualifier of the RECON and online log data sets.
Authority to issue the DBRC API requests
For example, if you are using the RACF to protect the DBRC API requests, you must give the System Data Engine user ID read authority to the following security resource profiles.
PERMIT hlq.STDBRC CLASS(FACILITY) ACCESS(READ) ID(userid) 
PERMIT hlq.LIST.LOG.ALLOLDS CLASS(FACILITY) ACCESS(READ) ID(userid)
PERMIT hlq.LIST.RECON.STATUS CLASS(FACILITY) ACCESS(READ) ID(userid)
hlq is the high-level qualifier of the resource name.
Authority to register with SCI
If RECON Loss Notification is enabled for the IMS subsystem, the System Data Engine must have the authority to register with SCI. For example, if you are using the RACF to protect the SCI security for the IMSplex PLEX1, you must give the System Data Engine user ID read authority to the following security resource profiles.
RDEFINE FACILITY CSL.CSLPLEX1 UACC(NONE)
PERMIT CSL.CSLPLEX1 CLASS(FACILITY) ACCESS(UPDATE) ID(userid)
SETROPTS RACLIST(FACILITY) REFRESH