Authorizing access to the temporary storage pools
You can control access by temporary storage (TS) servers to the TS pools in the coupling facility.
Each TS server can be started as a job or started task. The name of the TS queue pool for a TS server is specified at server startup. For each TS pool there can be only one TS server running on each MVS image in the sysplex.
Two security checks are made against the TS server's userid—that
is, the userid under which the job or started task is running. To ensure the
server passes these checks, do the following:
- Authorize the TS server region to connect to the coupling facility list
structure used for its own TS pool. This requires that the TS server userid
has ALTER authority to a coupling facility resource management (CFRM) RACF® profile called IXLSTR.structure_name in the
FACILITY general resource class.
For example, if the userid of the server is DFHXQTS1, and the list structure is called DFHXQLS_TSPRODQS, the following RACF commands define the profile and provide the required access:
RDEFINE FACILITY IXLSTR.DFHXQLS_TSPRODQS UACC(NONE) PERMIT IXLSTR.DFHXQLS_TSPRODQS CLASS(FACILITY) ID(DFHXQTS1) ACCESS(ALTER)
- Give the TS server's userid CONTROL access to the CICS® RACF profile called DFHXQ.poolname in the FACILITY general resource
class. This authorizes the TS server to act as a server for the named TS
pool.
For example, if the userid of the server is DFHXQTS1, and the pool name is TSPRODQS, the following RACF commands define the profile and provide the required access:
See System authorization facility (SAF) responses to the TS server for information about the responses to the TS server.RDEFINE FACILITY DFHXQ.TSPRODQS UACC(NONE) PERMIT DFHXQ.TSPRODQS CLASS(FACILITY) ID(DFHXQTS1) ACCESS(CONTROL)