WebSphere Message Broker, Version 8.0.0.7 Operating Systems: AIX, HP-Itanium, Linux, Solaris, Windows, z/OS

See information about the latest product version

Specifying an alternative user ID to run an execution group on z/OS

You can change the user ID under which an execution group runs so that it can access resources according to the permissions assigned to it, rather than the permissions assigned to the main broker user ID.

Before you start

Complete the following steps to specify an alternative user ID for the execution group, to be used instead of the broker's user ID:

  1. Create the new RACF® started task profile with a new user ID, which will be used to run the execution group. Consider the following points when you are creating the new started task:
    • The new started task must be created with an OMVS segment including a unique UID, home directory, and the ability to create data sets under the broker's HLQ and alias.
    • The started task procedure name to be used for the execution group address space must start with the same four characters as the main broker started task. For example, if the main broker started task is MQ01BRK, the started task name for the execution group could be MQ01EG1 but not MQ02EG2. As a result, consistency is maintained between the main broker started task, the execution group, and the queue manager, which helps to identify the relationship between them. If the first four characters are not the same, the execution group is started using the main broker started task JCL.
  2. Ensure that the new user ID associated with the new started task JCL has the same RACF primary group as the existing broker user ID, so that they can access shared resources. Also ensure that the new user ID has the required privileges to the existing broker filesystem and dataset (which it should have through the primary group access).
  3. Ensure that the MQ and SMF authorizations are updated for the new user ID; for more information, see Summary of required access (z/OS).
  4. Copy the existing broker started task JCL to the new started task JCL in the PROCLIB.
  5. Ensure that the main broker user ID has been granted permission to the SUPERUSER.PROCESS.KILL RACF profile. This permission is required so that the main control address space can recover any existing execution group address spaces in the event of a failure.
  6. Refresh the started RACF classes to implement the updates.
  7. Change the user ID by adding the appropriate environment variable to the broker’s profile.
    • The execution group name specified in the environment variable is the last 8 characters of the execution group, after any overrides have been applied. This is the same 8-character name that is displayed as the STEPNAME against the execution group address space in SDSF.
    • Ensure that the execution group name contains only characters that are valid in the environment variable. If invalid characters are used, the user ID cannot be overridden.
    • If you specify more than one environment variable, they are read in the following order (with MQSI_STARTEDTASK_FIXED_executionGroupName taking precedence):
      1. MQSI_STARTEDTASK_FIXED_executionGroupName
      2. MQSI_STARTEDTASK_MULTI_executionGroupName
      3. MQSI_STARTEDTASK_DEFAULT
      where executionGroupName is the name of your execution group. For example:
      • export MQSI_STARTEDTASK_FIXED_DEFAULT=MQ01EG1 changes any execution group which has the last 8 characters equal to DEFAULT to started task MQ01EG1
      • export MQSI_STARTEDTASK_MULTI_TEST=MQ01EG2 changes any execution group which has the last 8 characters starting with TEST to started task MQ01EG2
      • export MQSI_STARTEDTASK_DEFAULT=MQ01EG3 changes all execution groups which are not overridden by MQSI_STARTEDTASK_FIXED_executionGroupName or MQSI_STARTEDTASK_MULTI_executionGroupName to started task MQ01EG3.
  8. Submit BIPGEN to the broker's ENVFILE.
  9. Restart the broker.
Notices | Trademarks | Downloads | Library | Support | Feedback

Copyright IBM Corporation 1999, 2016Copyright IBM Corporation 1999, 2016.

        
        Last updated:
        
        Last updated: 2016-05-23 14:48:06


Task topicTask topic | Version 8.0.0.7 | be28900_