You can control access by named counter servers to the named counter pools
in the coupling facility. Each named counter server can be started as a job
or started task. The name of the named counter pool for a named counter server
is specified at server startup. For each named counter pool there can be only
one server running on each MVS™ image in the sysplex.

Two security checks are made against the named counter server's userid—that
is, the userid under which the job or started task is running. To ensure the
server passes these checks, do the following:

- Authorize the named counter server region to connect to the coupling facility
  list structure used for its own named counter pool. This requires that the
  named counter server userid has ALTER authority to a coupling facility resource
  management (CFRM) RACF® profile called IXLSTR.structure_name in the
  FACILITY general resource class.

  For example, if the userid of the server
  is DFHNCSV1, and the list structure is called DFHNCLS_DFHNC001, the following
  RACF commands define the profile and provide the required access:

      RDEFINE FACILITY IXLSTR.DFHNCLS_DFHNC001 UACC(NONE)
      PERMIT IXLSTR.DFHNCLS_DFHNC001 CLASS(FACILITY) ID(DFHNCSV1) ACCESS(ALTER)

  To reduce security administration, use the same named counter server
  userid to start each named counter server that supports the same named counter
  pool.

- Give the named counter server's userid CONTROL access to the CICS RACF
  profile called DFHNC.poolname in the FACILITY general resource class.
  This authorizes the named counter server to act as a server for the named
  counter pool.

  For example, if the userid of the server is DFHNCSV1, and
  the pool name is DFHNC001, the following RACF commands define the profile
  and provide the required access:

      RDEFINE FACILITY DFHNC.DFHNC001 UACC(NONE)
      PERMIT DFHNC.DFHNC001 CLASS(FACILITY) ID(DFHNCSV1) ACCESS(CONTROL)

See System authorization facility (SAF) responses to the named counter server for information about the responses to the CFDT server.
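
An added example, not part of the original documentation or of CICS: a Python check, run offline against an export of the two profiles, that each server userid holds ALTER on IXLSTR.structure_name and CONTROL on DFHNC.poolname and that UACC is NONE. The record layout, the TESTUSR userid and the DFHNCLS_<pool> naming rule are assumptions; group connections and generic profiles are not modeled.

```python
# Added example: offline audit of the two FACILITY-class profiles described above.
# The profile records are constructed sample data, not RACF command output.

# RACF access levels, lowest to highest; a higher level satisfies a lower one.
LEVELS = ["NONE", "EXECUTE", "READ", "UPDATE", "CONTROL", "ALTER"]

def satisfies(granted, required):
    return LEVELS.index(granted) >= LEVELS.index(required)

def required_profiles(pool):
    # Assumption: the list structure is named DFHNCLS_<pool>, as in the page's
    # DFHNCLS_DFHNC001 / DFHNC001 example.
    return {f"IXLSTR.DFHNCLS_{pool}": "ALTER", f"DFHNC.{pool}": "CONTROL"}

def audit(pool, server_userids, profiles):
    """Return sorted findings; an empty list means no problem was found."""
    findings = []
    for name, need in required_profiles(pool).items():
        prof = profiles.get(name)
        if prof is None:
            findings.append(f"{name}: profile not defined")
            continue
        if prof["uacc"] != "NONE":
            findings.append(f"{name}: UACC({prof['uacc']}) should be NONE")
        for uid in sorted(server_userids):
            # Simplification: a userid absent from the access list gets UACC.
            have = prof["acl"].get(uid, prof["uacc"])
            if not satisfies(have, need):
                findings.append(f"{name}: {uid} has {have}, needs {need}")
        for uid, have in prof["acl"].items():
            # Example policy: only server userids should hold server-level access.
            if uid not in server_userids and satisfies(have, need):
                findings.append(f"{name}: unexpected {uid} with {have}")
    return sorted(findings)

# Constructed sample: the second profile has two deliberate problems.
SAMPLE = {
    "IXLSTR.DFHNCLS_DFHNC001": {"uacc": "NONE", "acl": {"DFHNCSV1": "ALTER"}},
    "DFHNC.DFHNC001": {"uacc": "NONE",
                       "acl": {"DFHNCSV1": "UPDATE", "TESTUSR": "ALTER"}},
}

if __name__ == "__main__":
    for finding in audit("DFHNC001", {"DFHNCSV1"}, SAMPLE):
        print(finding)
```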