Previous Topic Next topic Print topic


User authorizations

As stated above, all users need an OMVS segment for TCPIP to work correctly. In addition, the scheduler task and the holder task must be authorized in class OPERCMDS to issue the following operator commands:

Function/Configuration Parameter Type Command
START/STOP/CANCEL MVS command START <scheduler>

START <userserver>

STOP <scheduler>

STOP <userserver>

CANCEL <scheduler>

CANCEL <userserver>

PORTCHECK=1 (Port check function) MVS command DISPLAY TCPIP
TSOE_CLEANUP=1 JESx command JES2: $C

JES3: *F

Note: If the configuration parameters listed above are not in use (which means they are set to 0), the appropriate commands are not executed and do not need to be authorized.

If the JESSPOOL RACF class is active, a RACF general resource profile of the following format must be defined for each user:

<NODENAME>.<STCUSR>.<USERSERVER>.**

where:

<NODENAME>
is the installation’s node name
<STCUSR>
is the started task user ID of the user server
<USERSERVER>
is the job name of the user server (TSO user ID plus TSOE_JOBPREFIX)

Every TSO user must have UPDATE access to this profile allowing every TSO user to allocate spool datasets that begin with a high level qualifier equal to the STC user ID.

Example: Assuming the node id is NODE, the user ID of the z/Server started tasks is TAUUSR, TSOE_JOBPREFIX is Z, and the user ID is USR123, then the RACF general resource profile should be defined as follows:

NODE.TAUUSR.ZUSR123.**

If the installation protects the use of Extended MCS consoles, then every scheduler address space must be authorized to activate an EMCS console. The naming convention for these consoles is aaaaxxxx with aaaa the first to fourth character of the system name and xxxx the address space ID of the address space establishing the EMCS console in hexadecimal notation.

Previous Topic Next topic Print topic