Set up Security Access Rules

If you are using a preloaded JVMTI agent, or you have granted USS superuser privileges to the Application Performance Analyzer started task, you can skip this step.

For J9VM support, the Application Performance Analyzer started task must have an OMVS definition in RACF® to access USS data and programs. It requires USS authorization for the following:
  • Read and execute permission on the directories specified by the JavaHome and USSHome settings in the CONFIG SAMPLE statement. Refer to CONFIG SAMPLE statement for more details on these settings.
  • Read, write, and execute permission on the /tmp directory.
    Application Performance Analyzer looks in the /tmp directory for the attach information for Java™. If the default temporary directory is not /tmp, you must add the following Java run time parameter to the applications being measured: 
    -Dcom.ibm.tools.attach.directory=/tmp/.com_ibm_tools_attach

    The J9VM creates work files in the directory /tmp/.com_ibm_tools_attach.

    If the Application Performance Analyzer configuration setting DiagLevel is set to 7 or higher, Application Performance Analyzer creates a diagnostic file for each observation request in the directory /tmp/CAZ. The diagnostic file is named sysid.nnnn.pppppppp.JVMTI.txt, where sysid is the Application Performance Analyzer started task identifier, nnnn is the observation request number, and pppppppp is the process id of the target application.

    Application Performance Analyzer also writes stdout and stderr files in the /tmp/CAZ directory if DiagLevel is set to 7 or higher. The files are named sysid.stdout and sysid.stderr, where sysid is the Application Performance Analyzer-started task identifier.

Parent topic: Customizing Application Performance Analyzer for use with J9VM