Controlling application environments with RACF server class profiles

The Resource Access Control Facility (RACF®) server class profiles are used to control dynamic application environments. Dynamic application environments are displayed and controlled separately from static application environments.

Before you begin

Note: To use dynamic application environment commands you must be running z/OS® Version 1 Release 4 or above with the WLM-DAE support PTF APAR OW54622 enabled.

To set up both the three-part or four-part RACF server class profiles for the application server or cluster for your dynamic application environment, the user ID for the servant must be given read access to both of the profiles.

About this task

The Resource Access Control Facility (RACF) server class profiles are used to:
  1. Permit the unauthorized WebSphere® Application Server servant access to controller services
  2. Control dynamic application environments, which are displayed and controlled differently from static application environments

Choose between two SERVER class profiles. You need one of these profiles, and which profile you need correlates to dynamic application environment (DAE) support.

Procedure

Example

The existing three-part profile has the form:

<subsystem_type>.<subsystem_name>.<application_environment_name>

where:
  • <subsystem_type> is CB
  • <subsystem_name> is the application server short name.
  • <application_environment_name> is the application server generic short name, as specified in the WebSphere Application Server variables. If the server resides in a cluster, the name specified here must match the cluster short name. If the server does not reside in a cluster, the name must match the name specified on the ClusterTransitionName custom property for the server .

The four-part profile adds the cell name to avoid ambiguities with existing profile names. The four-part profile has the form:

<subystem_type>.<subsystem_name>.<application_environment_name>.<cell_name>

where:
  • <cell_name> is the short name of the cell containing this application server.

Three-part profile names:

Four-part profile names:

If you do not want to discriminate between any of the application servers, you can eliminate all the specified profiles and use a generic form to cover the three and four-part names for all the servers in the sysplex:
  • CB.*.T5*
  • CB.*.T5*.*



In this information ...


IBM Redbooks, demos, education, and more

(Index)

Use IBM Suggests to retrieve related content from ibm.com and beyond, identified for your convenience.

This feature requires Internet access.

Task topic    

Terms of Use | Feedback

Last updated: Oct 22, 2010 12:21:29 AM CDT
http://www14.software.ibm.com/webapp/wsbroker/redirect?version=compass&product=was-nd-zos&topic=tsec_racf_profile
File name: tsec_racf_profile.html