You can control access by temporary storage (TS) servers to the TS pools
in the coupling facility. Each TS server can be started as a job or started
task. The name of the TS queue pool for a TS server is specified at server
startup. For each TS pool there can be only one TS server running on each MVS™ image
in the sysplex.
Two security checks are made against the TS server's userid—that
is, the userid under which the job or started task is running. To ensure the
server passes these checks, do the following:
- Authorize the TS server region to connect to the coupling facility list
structure used for its own TS pool. This requires that the TS server userid
has ALTER authority to a coupling facility resource management (CFRM) RACF® profile called IXLSTR.structure_name in the
FACILITY general resource class.
For example, if the userid of the server
is DFHXQTS1, and the list structure is called DFHXQLS_TSPRODQS, the following
RACF commands define the profile and provide the required access:
RDEFINE FACILITY IXLSTR.DFHXQLS_TSPRODQS UACC(NONE)
PERMIT IXLSTR.DFHXQLS_TSPRODQS CLASS(FACILITY) ID(DFHXQTS1) ACCESS(ALTER)
To reduce security administration, use the same TS server userid to
start each TS server that supports the same TS pool.
- Give the TS server's userid CONTROL access to the CICS® RACF profile
called DFHXQ.poolname in the FACILITY general resource
class. This authorizes the TS server to act as a server for the named TS
pool.
For example, if the userid of the server is DFHXQTS1, and the pool
name is TSPRODQS, the following RACF commands define the profile and provide
the required access:
RDEFINE FACILITY DFHXQ.TSPRODQS UACC(NONE)
PERMIT DFHXQ.TSPRODQS CLASS(FACILITY) ID(DFHXQTS1) ACCESS(CONTROL)
See
System authorization facility (SAF) responses to the TS server for information about the responses to the TS server.