Requirements for the Log Forwarder user ID

The user ID that is associated with the Log Forwarder started task must have the required authorities for file access and for issuing z/OS® console messages.

The following information further describes the required authorities:

File access authority
Authority to issue z/OS console messages

Tip: The Log Forwarder user ID does not require any special MVS™ authority to run the Log Forwarder.

File access authority

The Log Forwarder user ID must have the appropriate authority to access the Log Forwarder program files, which include the installation files, the configuration files, and the files in the working directory.

Installation file access: The Log Forwarder user ID must have read and execute permissions to the Log Forwarder installation files in the UNIX System Services file system.
Configuration file access: The Log Forwarder user ID must have read permission to the Log Forwarder configuration files in the UNIX System Services file system.
Important: The user ID that configures the Log Forwarder must have read/write permission to the configuration files.
Working directory access: The Log Forwarder user ID must have read and write permissions to the Log Forwarder working directory, which is described in Creating the Log Forwarder started task. The Log Forwarder user ID must also have permission to change the permission bits for a file in the Log Forwarder working directory.

Authority to issue z/OS console messages

The Log Forwarder user ID must have the authority to issue z/OS console messages.

If you are using the RACF® as your System Authorization Facility (SAF) product, complete one of the following options to assign this authority:

Option 1 if you are using RACF

You can use the HBORACF procedure in the SHBOSAMP library to create a user ID for the Log Forwarder started task (HBOPROC procedure) and associate that user ID with the started task. The documentation that is provided in the HBORACF sample includes more information, and the following steps outline this process:

Copy the HBORACF procedure to a user job library.
To define a user ID and associate it with the Log Forwarder started task (HBOPROC procedure), update your copy of the HBORACF procedure according to the comments in the sample and the following instructions:
- If the user ID exists, comment out the ADDUSER statement.
- If a user ID other than HBOLGF is to be associated with the HBOPROC procedure, change the USER value on the STDATA parameter.
Submit your updated copy of the HBORACF procedure.

Option 2 if you are using RACF

Complete the following steps:

In RACF, add the BPX.CONSOLE resource to the class FACILITY by using the General Resource Profiles option in the RACF Services Option Menu.
In the BPX.CONSOLE profile that was created (or updated) in the preceding step, add the user ID that the Log Forwarder started task is associated with, and assign read access to the user ID.
Run the following command to activate your changes:
```
SETROPTS RACLIST(FACILITY) REFRESH
```

Tips:

The user ID that the HBORACF procedure creates is named HBOLGF. The Log Forwarder started task does not require the user ID to be HBOLGF. This user ID is provided only as a convenience.
If the SAF product for your environment is not RACF, use the HBORACF sample procedure and the SAF product documentation to create the appropriate definitions in the SAF product.