Required authorizations

The STEPLIB hlq.SIPVMODA must be APF-authorized.

Associate the started task that is used to run the ADFzCC server with a user ID that has an OMVS segment. If the BPX.SERVER facility is active give the user ID READ access to it, otherwise the user ID requires superuser access. Make sure write access to the z/OS® UNIX directory is available, as specified by the WORKDIR= configuration parameter. Edit and run the job IPVMKDIR in the sample library (IPV.SIPVSAM1) to create this directory. Furthermore, any users logging in to the ADFzCC server require read access to this location. Similarly, if you configure the ADFzCC server to a key database of your own creation, the ADFzCC server and any users who log into it require read access to the specified key database.

Products that make use of the SPAWN_JOBNAME configuration keyword require the following authorizations. The user ID of the ADFzCC server must be permitted to the BPX.SUPERUSER resource of the FACILITY class and must have READ access to the BPX.JOBNAME resource, if it is defined.

The ADFzCC server uses C runtime services to switch user context when spawning processes for requesting clients that provide a valid user ID and password. These services are associated with the OMVSAPPL resource (or the IPVAPPL resource if PASSTK is specified) of the APPL class by default, if the APPL class is active. If this is the case, the authenticating user ID must have READ access to the OMVSAPPL or IPVAPPL resource of the APPL class.

Alternatively, your server configuration can specify APPLID=applid, where applid is a user-defined resource name defined to the APPL class. When APPLID is configured, the ADFzCC server will use the specified applid rather than OMVSAPPL. If PassTickets are used, the default resource name is IPVAPPL, however this can also be overridden by the APPLID configuration parameter. In all cases, authenticating users must have READ access to the appropriate resource of the APPL class (if it is active).

If enhanced program security is enabled, at a minimum the following programs must be defined to program control, unless BPX.DAEMON.HFSCTL was set up:

  • IPVSRV
  • IPVMSGT
  • IPVCMENU
  • IPVCMJPN
  • UIPVMSGT
  • IPV0LVL

Alternatively, define all ADFzCC server programs in the library IPV.SIPVMODA to program control, rather than specifying individual programs.

If enhanced program security is enabled, IPVSRV must be defined with the MAIN attribute, using the APPLDATA operand on the PROGRAM profile.