The APPC Started Task manages conversations between TPs. Sessions are established between LU 6.2 nodes dedicated for that purpose. The parameters identifying those LUs are acquired from the APPCPMxx member of SYS1.PARMLIB.
The ASCH Started Task is called the transaction scheduler because it manages sets of transaction initiators- the address spaces that run the TPs named on inbound requests. (These transaction initiators are sometimes referred to as ASCHINTs.)
The APPC address space acquires and validates inbound transactions requests, passing those that are accepted to ASCH. Scheduling parameters residing in the ASCHPMxx member of SYS1.PARMLIB define the TP classes and the number of initiators associated with each.
If you have decided to implement security for APPC, the first thing you need to do is to add the APPC and ASCH started tasks to the CA Top Secret STC record. To do this you need to:
Defining the APPC and ASCH STCs to the STC Record Table is a two‑part process. You must:
TSS CREATE(APPC) TYPE(USER)
NAME('APPC ACID')
DEPARTMENT(OPERS)
PASSWORD(NOPW,0)
FACILITY(STC,APPC)
TSS CREATE(ASCH) TYPE(USER)
NAME('ASCH ACID')
DEPARTMENT(OPERS)
PASSWORD(NOPW,0)
FACILITY(STC)
TSS CREATE(ASCHINT) TYPE(USER)
NAME('ASCHINT ACID')
DEPARTMENT(OPERS)
PASSWORD(NOPW,0)
FACILITY(STC)
TSS ADDTO(STC) PROCNAME(APPC)
ACID(APPC)
TSS ADDTO(STC) PROCNAME(ASCH)
ACID(ASCH)
TSS ADDTO(STC) PROCNAME(ASCHINT)
ACID(ASCHINT)
These started tasks will now execute under the access authorizations given to the APPC, ASCH, and ASCHINT ACIDs.
The next step is to grant the proper access authorizations to these STCs by issuing the appropriate TSS PERMITs for the ACIDs. In addition to the proper data set authorizations, each of these STCs must also be permitted to the APPC facility.
The APPC facility is already defined in the Facility Matrix and operates under the following defaults:
INITPGM=ATB id=AP TYPE=03 ATTRIBUTES=IN‑USE,ACTIVE,NOSHRPRF,NOASUBM,NOABEND,MULTIUSER,NOXDEF ATTRIBUTES=LUMSG,STMSG,SIGN(M),INSTDATA,NORNDPW,AUTHINIT ATTRIBUTES=NOPROMPT,NOAUDIT,RES,WARNPW,NOTSOC,LCFCMD ATTRIBUTES=MSGLC,NOTRACE,EODINIT,DORMPW,NONPWR MODE=WARN DOWN=GLOBAL LOGGING=INIT,MSG,SEC9 UIDACID=8 LOCKTIME=000 DEFACID=*NONE* KEY=8 MAXUSER=03000 PRFT=003
Note: To run APPC, users must also be authorized to the APPC facility.
The APPC STC requires READ access to SYS1.PARMLIB and UPDATE access to the TP profile and side‑information data sets. Using the APPC ACID created in the previous example, and assuming the SYS1.PARMLIB data set is already owned, you would issue the following command:
TSS PERMIT(APPC) DSNAME(SYS1.PARMLIB)
ACCESS(READ)
TSS PERMIT(APPC) DSNAME(tpdsname)
ACCESS(UPDATE)
TSS PERMIT(APPC) DSNAME(sidsname)
ACCESS(UPDATE)
You might also consider providing both STCs with the NODSNCHK and NOVOLCHK bypass attributes.
The ASCH STC requires READ access to SYS1.PARMLIB. Using the ASCH ACID created in the previous examples the command would look like this:
TSS PERMIT(ASCH) DSNAME(SYS1.PARMLIB)
ACCESS(READ)
The ASCHINT STC does not require any particular permits.
|
Copyright © 2013 CA Technologies.
All rights reserved.
|
|