Set Up Security › Access Requirements for User ID Associated with the CA CSM Application Server

Access Requirements for User ID Associated with the CA CSM Application Server

For CA CSM to operate successfully, the user ID associated with the CA CSM application server (MSMTC MSMTC/MSMTCSRV is the job stream or started task associated with the CA CSM application server. job or started task) requires the following access authorities:

1. Your security administrator must configure access to UNIX System Services (USS) for CA CSM. The CA CSM application server user ID must have an OMVS segment with a valid home directory with RDWR access. The CA CSM application server user ID is expected to have UID(0). If you want to configure CA CSM without UID(0), see the Administration Guide.
2. Your security administrator must configure the following access:
   • Permission to access the following FACILITY class profiles that are related UNIX:
     • BPX.FILEATTR.APF (READ authority)
     • BPX.FILEATTR.PROGCTL (READ authority)
     • BPX.FILEATTR.SHARELIB (READ authority)
     • BPX.SERVER (UPDATE authority)
     • BPX.CONSOLE (READ authority)
   • Permission to access the SERVAUTH class profile, EZB.STACKACCESS (READ authority)
   • CA ACF2 for z/OS only: MUSASS permission for users who start CA CSM
   • If your site uses CA SAF HFS security, the following access:
     • BPX.CAHFS.SET.RLIMIT (READ authority)
     • BPX.CAHFS.PTRACE (READ authority)
     • BPX.CAHFS.MOUNT (READ authority)
     • BPX.CAHFS.UNMOUNT (READ authority)
     • BPX.CAHFS.CHANGE.FILE.MODE (READ authority)

     Note: CA SAF HFS security is a feature in CA ACF2 for z/OS and CA Top Secret for z/OS.

Note: If you are using SAF security, consider the following options:

• If the CSFSERV class is active, verify that the user ID for this request in the CA CSM application server has READ access to CSFRNG and CSFDSV.
• If the APPL class is active, verify that the user ID for the request in the CA CSM application server has READ access to the OMVSAPPL resource.

Note: CA CSM executes GIMUNZIP in the security context of the CA CSM application server ID. If SMP/E security is active, the CA CSM application server ID must have READ access to the GIM.PGM.GIMUNZIP resource in the SAF FACILITY class.