Configuring server security

The SDSF server requires security configuration before it can be started. The server consists of two address spaces, by default named SDSF and SDSFAUX.

Configure the server as follows:
  1. Ensure that the SAF SDSF class is RACLISTed. For more information on RACLIST, see SDSF and RACF.
  2. Define a user ID associated with the SDSF and SDSFAUX address spaces by adding a profile to the SAF STARTED class. The same user ID can be used for both address spaces. For example: 
    RDEFINE STARTED SDSF*.* STDATA(USER(SDSF))
    associates user ID SDSF with both the SDSF and SDSFAUX address spaces.
  3. Allow the SDSF server to access your WLM policy. For example: 
    PERMIT MVSADMIN.WLM.POLICY ACCESS(READ) CLASS(FACILITY) ID(SDSF)
    allows user ID SDSF to gather WLM data.
  4. Allow the SDSFAUX server to gather RMF information. For example: 
    PERMIT ERBSDS.MON2DATA ACCESS(READ) CLASS(FACILITY) ID(SDSF)
  5. Ensure that the user ID associated with the SDSFAUX address space has an OMVS segment so that it can invoke USS services. UID(0) is not required.

Additional SAF resources are used to secure other functions of the SDSF server, such as use of the server operator parms.

For more information, see SDSF server.