Understanding System Authorization Facility profile names generated
by the Customization Dialog
The WebSphere Application Server for z/OS Customization Dialog generates
jobs that help you create the necessary System Authorization Facility (SAF)
profiles, such as STARTED, CBIND, or SERVER, that enable your server to run.
This article helps you understand how to work with these profiles and determine
if you need to also create your own.
At runtime, normal SAF specific and generic profile matching uses a combination
of the cell short name, cluster short name (or cluster transition name for
a non-clustered server), and server short name to select the appropriate matching
profile. See Global security settings for more information on SAF profiles.
WebSphere Application Server for z/OS customization uses two schemes, specific
and generic, in the creation of SAF profiles:
- With the specific profile scheme, a set of fully-qualified, specific profiles
are created to exactly match the short names that apply to the server you
customize. This is either an application server or deployment manager.
- With the generic profile scheme, a set of generic profiles are also created.
(For example, the STARTED class BBO*.* profiles.) The purpose of these generic
profiles is to provide a default profile for any server that is created administratively
and that has a default name so that the servers can operate successfully by
default.
Examples:
- An application server created through the administrative console has a
default server short name of BBOSnnn and a cluster short name (or cluster
transition name for a non-clustered server) of BBOCnnn, where nnn is a unique
number. By default, this server can start using the BBO* generic profiles.
- Node federation creates a node agent server. If the base application server
you federate is configured with a Java Message Service (JMS) integral provider,
then a standalone JMS server is also created. The node agent has a default
name of BBONnnn and the JMS server is BBOJnnn, where nnn is a unique number.
By default, these servers can start using the BBO* generic profiles.
The generic profiles that customization creates are not required and exist
only for your convenience in case you use the default server short names and
cluster short names (or cluster transition names for non-clustered servers)
generated by WebSphere Application Server for z/OS. You may choose to delete
the generic profiles if, for example, your organization has particular naming
conventions and you will not use the default names generated by WebSphere
Application Server for z/OS. In that case, ensure that you have your own strategy
for creating the required SAF profiles, either generic or specific, with your
own naming convention--WebSphere Application Server for z/OS does not create
them for you.

EJBROLES and GEJBROLES

Global security settings
RACF server class profiles
Searchable topic ID:
cinscdsaf
Last updated: Jun 21, 2007 9:56:50 PM CDT
WebSphere Application Server for z/OS, Version 5.0.2
http://publib.boulder.ibm.com/infocenter/wasinfo/index.jsp?topic=/com.ibm.websphere.zseries.doc/info/zseries/ae/cins_cdsaf.html