Previous topic |
Next topic |
Contents |
Contact z/OS |
Library |
PDF
System Authorization Facility (SAF) requirements z/OS MVS Programming: Sysplex Services Guide SA23-1400-00 |
|
For the IXCNOTE requests listed below, your program needs appropriate SAF authorization to the FACILITY class resource IXCNOTE.owner.application, where owner and application are derived from the note pad name. See Note pad name for more information about note pad names. The installation instructions for your application should document the names of your note pads so the security administrator can define these profiles. If SAF is installed and a SAF profile is defined for the relevant class of note pads, the decision returned by SAF is always honored by XCF. If your program does not have SAF authorization, the IXCNOTE request is rejected. If SAF is not installed, or if a SAF profile is not defined for the relevant class of note pads, XCF determines whether your program is running authorized. If your program is not running authorized, the IXCNOTE request is rejected. If your program is running authorized, the request is allowed to proceed. The following IXCNOTE requests require SAF authorization:
In general, XCF does not perform SAF checks for requests that process
notes in the note pad (single note and multi-note requests). Similarly,
XCF does not generally perform SAF checks for delete connection requests. However, XCF might perform a SAF check when the security environment
of the requesting work unit appears to differ from the security environment
of the work unit that created the connection. For example, if a connection
has address space scope, a SAF check might be performed if the work
unit that issues the request has its own security environment. For
a connection with task scope, a SAF check might be performed if the
work unit that issues the request is not the connector task. If a
SAF check is performed, the program must have access that is appropriate
for the type of request being issued:
|
Copyright IBM Corporation 1990, 2014
|