Examples
The following table provides examples of how a system name is derived.
The examples assume the following:
- SYSTEMD is a development system
- SYSTEMP is a production system
- SYSTEMD and SYSTEMP are part of the same sysplex group
- There is one instance of Application Performance Analyzer running on SYSTEMD and one running on SYSTEMP, and both instances are part of the same Application Performance Analyzer sysplex group
- Users DEV1 and DEV2 have full access to all observations owned by DEV* users whose servicing system was SYSTEMD
- DEV1 and DEV2 have full access to creating observations for address spaces that execute on SYSTEMD
- When signed on to SYSTEMP, users DEV1 and DEV2 are limited to sampling their own TSO session and updating those observations
- Users DEV1 and DEV2 can view, keep, or delete any observation that was serviced by SYSTEMD
- User ADM1 is an administrator who has full access to all observations on all systems
| User ID | Action | Logon system | Target system | Servicing system | Comments |
|---|---|---|---|---|---|
| DEV1 | Add new observation | SYSTEMD | SYSTEMD | n/a | Access granted based on target system. |
| DEV1 | Add new observation | SYSTEMD | SYSTEMP | n/a | Access denied based on target system. |
| DEV1 | Add new observation | SYSTEMD | * (any) | n/a | Access provisionally granted. Access will be checked again based on the system where the job finally executes. |
| DEV1 | Delete completed observation | SYSTEMD | SYSTEMD | SYSTEMD | Access granted based on servicing system. |
| DEV1 | Delete completed observation | SYSTEMD | * (any) | SYSTEMP | Access denied based on servicing system. |
| DEV1 | Delete completed observation of DEV1 TSO session | SYSTEMD | SYSTEMP | SYSTEMP | Access granted. User is allowed to update observation that he owns. |
| DEV1 | Delete scheduled observation owned by DEV2 | SYSTEMD | * (any) | n/a | Access granted. Since the system name is not known, SYSTEMD (the logon system) will be used to determine the resource profile name. |
| DEV1 | Delete scheduled observation owned by DEV2 | SYSTEMD | SYSTEMD | n/a | Access granted. Target system used to determine the resource profile name. |
| DEV1 | Modify scheduled observation | SYSTEMD | SYSTEMD | n/a | Access granted based on target system. |
| DEV1 | Modify scheduled observation | SYSTEMD | * (any) | n/a | Access denied based on logon system and owner ADM1. |
| DEV1 | Add new observation | SYSTEMP | SYSTEMD | n/a | Access granted based on target system. |
| DEV1 | Add new observation | SYSTEMP | SYSTEMP | n/a | Access denied based on target system. |
| DEV1 | Add new observation to measure DEV1's active TSO session | SYSTEMP | SYSTEMP | SYSTEMP | Access granted. User is allowed to measure his own TSO session. |
| DEV1 | Delete completed observation owned by DEV2 | SYSTEMP | * (any) | SYSTEMP | Access granted based on servicing system. |
The following examples illustrate how to define RACF® profiles based on the examples in the table
above. The examples assume the following:
- The RACF group, ADMGRP, contains user IDs ADM1 and ADM2
- The RACF group, DEVGRP, contains user IDs DEV1 and DEV2
- SYSTEMD and SYSTEMP are part of the same sysplex group
- The RACF database is shared by SYSTEMD and SYSTEMP
- There is one instance of Application Performance Analyzer running on SYSTEMD and one instance of Application Performance Analyzer running on SYSTEMP
The following RACF commands define the resource profiles that are dependant on the MVS™ system name.
RDEFINE FACILITY SYSTEMD.VIEW.* UACC(NONE)
RDEFINE FACILITY SYSTEMD.UPDATE.* UACC(NONE)
RDEFINE FACILITY SYSTEMD.DELETE.* UACC(NONE)
RDEFINE FACILITY SYSTEMD.MEASURE.** UACC(NONE)
RDEFINE FACILITY SYSTEMD.MONITOR.** UACC(NONE)
RDEFINE FACILITY SYSTEMD.VIEW.DEV% UACC(NONE)
RDEFINE FACILITY SYSTEMD.UPDATE.DEV% UACC(NONE)
RDEFINE FACILITY SYSTEMD.DELETE.DEV% UACC(NONE)
RDEFINE FACILITY SYSTEMD.USE.DB2PLUS UACC(NONE)
RDEFINE FACILITY SYSTEMD.USE.IMSPLUS UACC(NONE)
RDEFINE FACILITY SYSTEMD.USE.WLMI UACC(NONE)
RDEFINE FACILITY SYSTEMD.USE.CICSPlus UACC(NONE)
RDEFINE FACILITY SYSTEMD.USE.WAS UACC(NONE)
RDEFINE FACILITY SYSTEMP.VIEW.* UACC(NONE)
RDEFINE FACILITY SYSTEMP.UPDATE.* UACC(NONE)
RDEFINE FACILITY SYSTEMP.DELETE.* UACC(NONE)
RDEFINE FACILITY SYSTEMP.MEASURE.** UACC(NONE)
RDEFINE FACILITY SYSTEMP.MONITOR.** UACC(NONE)
RDEFINE FACILITY SYSTEMP.VIEW.DEV1 UACC(NONE)
RDEFINE FACILITY SYSTEMP.VIEW.DEV2 UACC(NONE)
RDEFINE FACILITY SYSTEMP.UPDATE.DEV1 UACC(NONE)
RDEFINE FACILITY SYSTEMP.UPDATE.DEV2 UACC(NONE)
RDEFINE FACILITY SYSTEMP.DELETE.DEV1 UACC(NONE)
RDEFINE FACILITY SYSTEMP.DELETE.DEV2 UACC(NONE)
RDEFINE FACILITY SYSTEMP.USE.DB2PLUS UACC(NONE)
RDEFINE FACILITY SYSTEMP.USE.IMSPLUS UACC(NONE)
RDEFINE FACILITY SYSTEMP.USE.WLMI UACC(NONE)
RDEFINE FACILITY SYSTEMP.USE.CICSPlus UACC(NONE)
RDEFINE FACILITY SYSTEMP.USE.WAS UACC(NONE)The following RACF commands permit users ADM1 and ADM2 to view, update, or delete any observations. The RACF commands also allow users ADM1 and ADM2 to measure or threshold-monitor any address space type in which SYSTEMD is the servicing system.
PERMIT SYSTEMD.VIEW.* CLASS(FACILITY) ID(ADMGRP) ACCESS(READ)
PERMIT SYSTEMD.UPDATE.* CLASS(FACILITY) ID(ADMGRP) ACCESS(READ)
PERMIT SYSTEMD.DELETE.* CLASS(FACILITY) ID(ADMGRP) ACCESS(READ)
PERMIT SYSTEMD.MEASURE.** CLASS(FACILITY) ID(ADMGRP) ACCESS(READ)
PERMIT SYSTEMD.MONITOR.** CLASS(FACILITY) ID(ADMGRP)ACCESS(READ)The following RACF commands permit users DEV1 and DEV2 to view, update, or delete any observations owned by either DEV1 or DEV2 in which SYSTEMD is the servicing system. The RACF commands also allow users DEV1 and DEV2 to measure or threshold-monitor any address space type in which the target system or servicing system is SYSTEMD.
PERMIT SYSTEMD.VIEW.DEV% CLASS(FACILITY) ID(DEVGRP) ACCESS(READ)
PERMIT SYSTEMD.UPDATE.DEV% CLASS(FACILITY) ID(DEVGRP) ACCESS(READ)
PERMIT SYSTEMD.DELETE.DEV% CLASS(FACILITY) ID(DEVGRP) ACCESS(READ)
PERMIT SYSTEMD.MEASURE.** CLASS(FACILITY) ID(DEVGRP) ACCESS(READ)
PERMIT SYSTEMD.MONITOR.** CLASS(FACILITY) ID(DEVGRP) ACCESS(READ)The following RACF commands permit all users to activate DB2Plus, IMSPlus, WLMI, CICSI and WAS for observations in which the target system or servicing system is SYSTEMD.
PERMIT SYSTEMD.USE.DB2PLUS CLASS(FACILITY) ACCESS(READ)
PERMIT SYSTEMD.USE.IMSPLUS CLASS(FACILITY) ACCESS(READ)
PERMIT SYSTEMD.USE.WLMI CLASS(FACILITY) ACCESS(READ)
PERMIT SYSTEMD.USE.CICSPlus CLASS(FACILITY) ACCESS(READ)
PERMIT SYSTEMD.USE.WAS CLASS(FACILITY) ACCESS(READ)The following RACF commands
permit users ADM1 and ADM2 to view,
update, or delete any observations. The RACF commands
also allow users ADM1 and ADM2 to
measure or threshold-monitor any address space type in which the servicing
system is SYSTEMP.
Note: By default, all users can
measure their own TSO sessions.
PERMIT SYSTEMP.VIEW.* CLASS(FACILITY) ID(ADMGRP) ACCESS(READ)
PERMIT SYSTEMP.UPDATE.* CLASS(FACILITY) ID(ADMGRP) ACCESS(READ)
PERMIT SYSTEMP.DELETE.* CLASS(FACILITY) ID(ADMGRP) ACCESS(READ)
PERMIT SYSTEMP.MEASURE.** CLASS(FACILITY) ID(ADMGRP) ACCESS(READ)
PERMIT SYSTEMP.MONITOR.** CLASS(FACILITY) ID(ADMGRP) ACCESS(READ)The following RACF commands permit users ADM1 and ADM2 to activate DB2Plus, IMSPlus, WLMI, CICSI, and WAS for observation in which the target system or the servicing system is SYSTEMD.
PERMIT SYSTEMD.USE.DB2PLUS CLASS(FACILITY) ID(ADMGRP) ACCESS(READ)
PERMIT SYSTEMD.USE.IMSPLUS CLASS(FACILITY) ID(ADMGRP) ACCESS(READ)
PERMIT SYSTEMD.USE.WLMI CLASS(FACILITY) ID(ADMGRP) ACCESS(READ)
PERMIT SYSTEMD.USE.CICSPlus CLASS(FACILITY) ID(ADMGRP) ACCESS(READ)
PERMIT SYSTEMD.USE.WAS CLASS(FACILITY) ID(ADMGRP) ACCESS(READ)The following RACF commands
permit users ADM1 and ADM2 to maintain
the common list of source files in the Common Data Store and to see
the expiry days warning for all users’ observations on SYSTEMD and SYSTEMP:
PERMIT SYSTEMD.ADMINISTERPRODUCT CLASS(FACILITY) ID(ADMGRP) ACCESS(READ)
PERMIT SYSTEMP.ADMINISTERPRODUCT CLASS(FACILITY) ID(ADMGRP) ACCESS(READ)