Reporting and Logging › How Security Works for System Logger

How Security Works for System Logger

Before setting up policies for your installation with the IXCMIAPU Administrative Data Utility program, you must get your User ID authorized to use IXCMIAPU. To define the External Logger Log Stream for each system you must customize and run the IXCMIAPU utility, distributed in CTAPJCL member BESCLS. We recommend that you set the HLQ parameter in BESCLS to the CA Tape Encryption PREFIX. However, if a different HLQ is selected for the External Logger Log Stream, add to the CA Tape Encryption profile CREATE access authority to the defined HLQ. Other security-related steps may be required if the System Logger was never customized in your system.

The following list summarizes the steps required to customize the System Logger.

• IBM recommends that the System Logger address space (IXGLOGR) be assigned privileged security status to avoid giving the logger specific access rights to each Log Stream defined in the system.
• The LOGR policy information describes the characteristics of each log stream and coupling facility structure that will be used when there are active connections to the log stream.
• The CFRM policy contains the definition of all coupling facility structures used by system logger, if applicable.
• The users of the IXCMIAPU utility require authorization to the resources accessed by the utility. Define the appropriate authorizations before users attempt to add, update, delete, or extract a report from the LOGR policy.
• The LOGR couple data set must be activated and available before you add log streams and structure definitions to it.

Note: For information about these steps and requirements, see the IBM Assembler Services Guide.