Member CAZCNFG1 in hlq.SCAZSAMP contains suggested Application Performance Analyzer rules. You need to carefully review these, and make changes for your own installation. For example, rule number 06 allows all users to measure stated tasks. However, you might want to control who is able to run measurements of, for example, your CICS® regions, in which case you would have to specify more specific rules controlling started task measurement. Measurement of CICS regions can either be permitted or restricted, more detailed options are not available.
The rules supplied in CAZCNFG1 leave access fairly open, and their equivalent RACF® profiles are shown below:
01 CAZRULE *,allow,ViewRequestsOwnedBy,========
/* This is a default, no RACF profile required. */
02 CAZRULE *,allow,DeleteRequestsOwnedBy,========
/* This is a default, no RACF profile required. */
03 CAZRULE *,allow,UpdateRequestsOwnedBy,========
/* This is a default, no RACF profile required. */
04 CAZRULE *,allow,MeasureJOB,*
/* RDEFINE FACILITY CAZ0.MEASURE.JOB.* UACC(READ) */
05 CAZRULE *,allow,MeasureSTC,*
/* RDEFINE FACILITY CAZ0.MEASURE.STC.* UACC(READ) */
06 CAZRULE *,allow,MeasureTSU,========
/* This is a default, no RACF profile required. */
07 CAZRULE *,allow,UseDB2Plus,*
/* RDEFINE FACILITY CAZ0.USE.DB2PLUS UACC(READ) */
08 CAZRULE *,allow,UseIMSPlus,*
/* RDEFINE FACILITY CAZ0.USE.IMSPLUS UACC(READ) */
09 CAZRULE *,allow,MonitorJOB,*
/* RDEFINE FACILITY CAZ0.MONITOR.JOB.* UACC(READ) */
10 CAZRULE *,allow,MonitorSTC,*
/* RDEFINE FACILITY CAZ0.MONITOR.STC.* UACC(READ) */
11 CAZRULE *,allow,MonitorTSU,========
/* This is a default, no RACF profile required. */
12 CAZRULE *,allow,UseWLMI,*
/* RDEFINE FACILITY CAZ0.USE.WLMI UACC(READ) */
13 CAZRULE *,allow,UseCICSPlus,*
/* RDEFINE FACILITY CAZ0.USE.CICSPlus UACC(READ) */
14 CAZRULE ADMIN01,allow,AdministerProduct,*
/* RDEFINE FACILITY CAZ0.ADMINISTERPRODUCT UACC(NONE) */
/* PERMIT CAZ0.ADMINISTERPRODUCT ID(ADMIN01) */
15 CAZRULE *,allow,UseWAS,*
/* RDEFINE FACILITY CAZ0.USE.WAS UACC(READ) */
Rule number | Explanation |
---|---|
01 | Users can view reports for only their own measurement requests. Access to reports for other users’ requests is denied. |
02 | Users can only delete their own measurement requests. |
03 | Users can only modify/cancel their own measurement requests. |
04 | Any user can measure jobs with any jobname. |
05 | Any user is allowed to measure a started task. |
06 | Any user is allowed to measure his/her own TSO region. |
07 | Any user is allowed to turn on the DB2+ data extractor. |
08 | Any user is allowed to turn on the IMS+ data extractor. |
09 | Any user is allowed to threshold-monitor jobs with any jobname. |
10 | Any user is allowed to threshold-monitor a started task. |
11 | Any user is allowed to threshold-monitor his or her own TSO region. |
12 | Any user is allowed to measure a specific DB2 stored procedure or user-defined function and/or turn on the collateral DB2 (CDB2) data extractor. |
13 | Any user is allowed to turn on the CICS+ data extractor. |
14 | Allow user ADMIN01 to update the common list of data sets in the common data store. Disallow update access to all other users. When expiry days warning is enabled, ADMIN01 will see the expiry days warning for all users' observations. All other users will see the expiry days warning for their own observations only. |
15 | Any user is allowed to turn on the WAS data extractor. |