When your programmer implements TCP/IP for RRSF node connections, you must define and activate certain SERVAUTH class profiles to enable the RRSF functions on each node to access TCP/IP network resources. Be sure to add the user ID of the RACF® subsystem to the appropriate access lists as shown in the steps that follow, even when the user ID has the TRUSTED or PRIVILEGED attribute on your system.

You might need to authorize the RACF subsystem to access additional SERVAUTH resources depending on the security definitions in effect for your network. For detailed information about network security options using SERVAUTH resources, see z/OS Communications Server: IP Configuration Guide.

In general, if insufficient access to a SERVAUTH resource causes an ICH408I message to be issued during an RRSF connection attempt, you will likely need to explicitly permit the user ID of the RACF subsystem.

Exception: During a system IPL or TCP/IP restart, if an ICH408I message occurs that is related to insufficient access to the EZB.INITSTACKsysname.tcpname resource, do not explicitly permit the RACF subsystem. This message should be ignored.