Considering Automatic Restart Manager security

The z/OS CIM server is enabled for the Automatic Restart Manager (ARM).

If the CIM server is configured to use ARM in a sysplex, you must ensure that the XCF address space has the proper authorization to perform a restart. ARM must be able to issue operator commands from the XCF address space (XCFAS) to start the CIM server.

The CIM server is not running in supervisor mode. Therefore, the user ID running the CIM server must have proper SAF authorization to be allowed to register to ARM. Therefore the user ID running the CIM server also needs the SAF authorization for UPDATE access to the following FACILITY class resource:

Example:

IXCARM.DEFAULT.CFZ_SRV_<system_name>

Here is an example for entitling the CIM server user ID CFZSRV to register the CIM server for all machines within a sysplex using RACF®:

Example:

SETROPTS CLASSACT(FACILITY) GENERIC(FACILITY)
SETROPTS RACLIST(FACILITY)

RDEFINE FACILITY IXCARM.DEFAULT.CFZ_SRV_* UACC(NONE)

PERMIT IXCARM.DEFAULT.CFZ_SRV_* CLASS(FACILITY) +
       ID(CFZSRV) ACCESS(UPDATE)

SETROPTS RACLIST(FACILITY) REFRESH