Security requirements for collecting IMS logs from OLDS
If you collect IMS log records from IMS online log data sets (OLDS), the user ID that is
associated with the System Data Engine started task (HBOIMS by default) must be
granted the necessary authorities.
About this task
The following information further describes the required authorities:
- Authority to read the RECON data sets and Online Log data sets (OLDS)
- For example, if you are using RACF® as your System Authorization Facility (SAF) product, you must give the System
Data Engine user ID read authority to the profiles for the IMS RECON and online log data
sets.
hlq is the high-level qualifier of the RECON and online log data sets.
    PERMIT hlq.RECON* CLASS(DATASET) ACCESS(READ) ID(userid)
    PERMIT hlq.OLP* CLASS(DATASET) ACCESS(READ) ID(userid)
- Authority to issue the DBRC API requests
- For example, if you are using RACF to protect the DBRC API requests, you must give the System Data Engine user ID read authority to the following security resource profiles.
hlq is the high-level qualifier of the resource name.
    PERMIT hlq.STDBRC CLASS(FACILITY) ACCESS(READ) ID(userid)
    PERMIT hlq.LIST.LOG.ALLOLDS CLASS(FACILITY) ACCESS(READ) ID(userid)
    PERMIT hlq.LIST.RECON.STATUS CLASS(FACILITY) ACCESS(READ) ID(userid)
- Authority to register with SCI
- If RECON Loss Notification is enabled for the IMS subsystem, the System Data Engine must have the authority to register with SCI. For example, if you are using RACF to protect the SCI security for the
IMSplex PLEX1, you must give the System Data Engine user ID read authority to the following security resource profiles.
    RDEFINE FACILITY CSL.CSLPLEX1 UACC(NONE)
    PERMIT CSL.CSLPLEX1 CLASS(FACILITY) ACCESS(UPDATE) ID(userid)
    SETROPTS RACLIST(FACILITY) REFRESH
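
A least-privilege check for the grants listed above, as an added example that is not part of the product documentation: it parses RACF PERMIT commands and reports which of the required grants are missing for the System Data Engine user ID and which grants go beyond them. The qualifiers IMSP and DBRCP and the sample commands are constructed; the parser assumes one command per line and applies the PERMIT defaults (ACCESS(READ), CLASS(DATASET)) when a keyword is omitted.

```python
import re

# RACF access authorities, lowest to highest.
LEVELS = ["NONE", "EXECUTE", "READ", "UPDATE", "CONTROL", "ALTER"]

def required_grants(log_hlq, dbrc_hlq, plex):
    """Grants taken from this page's PERMIT commands, keyed by (class, profile)."""
    return {
        ("DATASET", f"{log_hlq}.RECON*"): "READ",
        ("DATASET", f"{log_hlq}.OLP*"): "READ",
        ("FACILITY", f"{dbrc_hlq}.STDBRC"): "READ",
        ("FACILITY", f"{dbrc_hlq}.LIST.LOG.ALLOLDS"): "READ",
        ("FACILITY", f"{dbrc_hlq}.LIST.RECON.STATUS"): "READ",
        ("FACILITY", f"CSL.CSL{plex}"): "UPDATE",  # SCI registration
    }

def parse_permit(line):
    """Return (class, profile, access, [ids]) or None if the line grants nothing."""
    parts = line.upper().split()
    if len(parts) < 2 or parts[0] not in ("PERMIT", "PE") or "DELETE" in parts:
        return None
    kw = dict(re.findall(r"(\w+)\(([^)]*)\)", line.upper()))
    return (kw.get("CLASS", "DATASET"), parts[1],
            kw.get("ACCESS", "READ"), kw.get("ID", "").split())

def audit(commands, userid, required):
    """Compare the grants for userid in a command list with the required set."""
    granted = {}
    for line in commands.splitlines():
        p = parse_permit(line)
        if p and userid.upper() in p[3]:
            granted[(p[0], p[1])] = p[2]
    rank = LEVELS.index
    missing = sorted(k for k, need in required.items()
                     if rank(granted.get(k, "NONE")) < rank(need))
    excessive = sorted(k for k, got in granted.items()
                       if k not in required or rank(got) > rank(required[k]))
    return missing, excessive

# Constructed change request: one grant too high, one unrelated, one missing.
SAMPLE = """PERMIT IMSP.RECON* CLASS(DATASET) ACCESS(READ) ID(HBOIMS)
PERMIT IMSP.OLP* CLASS(DATASET) ACCESS(ALTER) ID(HBOIMS)
PERMIT DBRCP.STDBRC CLASS(FACILITY) ACCESS(READ) ID(HBOIMS)
PERMIT DBRCP.LIST.LOG.ALLOLDS CLASS(FACILITY) ACCESS(READ) ID(HBOIMS)
PERMIT CSL.CSLPLEX1 CLASS(FACILITY) ACCESS(UPDATE) ID(HBOIMS)
PERMIT IMSP.DBDLIB CLASS(DATASET) ACCESS(READ) ID(HBOIMS)"""

if __name__ == "__main__":
    print(audit(SAMPLE, "HBOIMS", required_grants("IMSP", "DBRCP", "PLEX1")))
```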