|
|
|
We recommend that you grant READ access to the MATUNER started task for load libraries. This authority enables information to be gathered about the programs that are observed during a measurement. The SECURITY parameter indicates which security points are to be tested and can have the following values:
Specifies that all security is turned off.
Note: If SECURITY is set to NONE, no user information is passed to other servers within the sysplex.
Specifies that security checks are performed only on requests within the same z/OS LPAR.
Specifies that security checks are performed for requests originating from other z/OS images through XCF.
Specifies that security checks are performed regardless of where the request originates.
We also recommend that you set the parameter SECCRES to TARGET where your security environment permits application programs READ access to load libraries. Setting SECCRES to TARGET specifies that SECCRES inherits the access rights of the measured address space.
SECCRES specifies the security environment to be inherited by the CSECT resolution subtask. When CA Mainframe Application Tuner is measuring a job, all CSECT level resolution is performed in the CA Mainframe Application Tuner Server started task (STC) by a subtask. The CSECT level resolution subtask opens up load libraries (including libraries from LPALIST and LINKLIST) for READ access to obtain the CSECT level information for observed load modules.
Business Value:
The security configurations recommended in this best practice eliminate the occurrence of security violation messages during measurement and the need for creating specific security rules for CA Mainframe Application Tuner.
Additional Information:
SECCRES is only used for the global resolution of observed CSECTs. If internal CA Mainframe Application Tuner security is activated, a generic profile secprefx.** (for example, MATUNER.**) needs to be defined with a universal access (UACC) of READ. If the SAF facility class for CSVDYNL has been activated, this security environment must include READ access to CSVDYNL.
| Copyright © 2011 CA. All rights reserved. | Tell Technical Publications how we can improve this information |