Application Performance Analyzer for z/OS, Version 11.1, Customization Guide

Define the Application Performance Analyzer Listener authorization

This task defines the authorization required by the Application Performance Analyzer Listener to invoke RACF digital certificate commands (RACDCERT) to manage digital certificates.

In the previous section ‘Define the AT-TLS Policy Rules' an AT-TLS rule called APAListener was defined. It specified the owner of the rule to be any started task whose job name begins with "LI" (that is, the Application Performance Analyzer Listener started task). The user ID associated with the Application Performance Analyzer Listener started task is used by AT-TLS to invoke RACDCERT commands therefore it must be granted authority to the IRR.DIGTCERT.function resource in the FACILITY class.

In the example below, START2 is the user ID that has been associated with the Application Performance Analyzer Listener started task during the customization of the Application Performance Analyzer Listener. You must replace START2 in the following example with the Application Performance Analyzer Listener user ID defined at your installation.

//RACDCERT EXEC PGM=IKJEFT01
//SYSTSPRT DD SYSOUT=*
//SYSUADS  DD DSN=SYS1.UADS,DISP=SHR
//SYSLBC   DD DSN=SYS1.BRODCAST,DISP=SHR
//SYSTSIN  DD *
 SETROPTS CLASSACT(DIGTCERT DIGTRING DIGTNMAP)
 RDEFINE FACILITY IRR.DIGTCERT.LIST     UACC(NONE)
 RDEFINE FACILITY IRR.DIGTCERT.LISTRING UACC(NONE)
 RDEFINE FACILITY IRR.DIGTCERT.GENCERT  UACC(NONE)
 PERMIT IRR.DIGTCERT.LIST     CLASS(FACILITY) ID(START2) ACCESS(CONTROL)
 PERMIT IRR.DIGTCERT.LISTRING CLASS(FACILITY) ID(START2) ACCESS(CONTROL)
 PERMIT IRR.DIGTCERT.GENCERT  CLASS(FACILITY) ID(START2) ACCESS(CONTROL)
 SETROPTS RACLIST (DIGTCERT) REFRESH
 SETROPTS RACLIST (DIGTRING) REFRESH
 SETROPTS RACLIST (DIGTNMAP) REFRESH
 SETROPTS RACLIST (FACILITY) REFRESH
//



Rate this page

[ Top of Page | Previous Page | Next Page | Contents | Index ]