
Authorization at the CAS, PAS, and user levels

This information applies to MainView products that run (either in whole or in part) in windows mode and describes how to plan for and implement security for MainView products that run in full-screen mode.

Access authorization requests are made to the ESM at the CAS, PAS, and user levels, as described here:

  • CAS level

    The coordinating address space (CAS) provides all communication between a user terminal session, the product address space (PAS) where a product runs, and other CASs running on local and remote systems. Plex Manager, which is shipped with all MainView products, runs in the CAS. Other products, such as MainView VistaPoint and MainView Alarm Management, might also run in a CAS.

  • PAS level

    Each MainView product runs in a product address space (PAS). The address space where the product is running requires ESM authorization to common resources and product resources that are managed by MainView windows-mode security. After successful CAS initialization, authorization requests are made when a product attempts to connect to the CAS and the product identifies itself as a service point to Plex Manager.

  • User level

    Users who request views and attempt to perform actions in a MainView product require ESM authorization to protected resources. This authorization occurs after the CAS initializes, a product identifies itself to the CAS, and the product initializes (whether it is in a separate PAS or not).

    When a PAS connects to a CAS, the PAS is identified by a one- to eight-character product ID, for example, MVDB2 for MainView for DB2. The product ID is displayed in the Plex Manager views such as PLEXOVER.

    The product ID is also used during the creation of security environments within each PAS. Security environments are created by a PAS for each user, as well as other PASs (on the same system or on other systems in the plex) that communicate with it. During the creation of each security environment, the product ID is passed to the ESM to indicate which z/OS application (the PAS) will subsequently own and manage the security environment, and which z/OS application the user or PAS is attempting to sign on to and use. The ESM determines whether the user or PAS is allowed to sign on to and use that z/OS application by authorizing access to a resource in SAF class APPL with an entity name of productID. The table in Resource naming convention lists the product names and the z/OS ESM SAF resource class APPL entity names (product IDs) used for each product.

Note

The product ID COMMON that is listed in the table in Resource naming convention is never actually passed to the ESM as an APPL entity name.
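The APPL check described above, as an added example that is not from the product documentation: a batch TSO job that protects the MVDB2 product ID when the ESM is RACF. The group MVUSERS, the PAS user ID MVPASID, and the job card values are hypothetical placeholders. READ is assumed as the required access level because that is the level RACF checks for APPL sign-on authorization; this page does not state it.

```jcl
//RACFAPPL JOB (ACCT),'MAINVIEW APPL',CLASS=A,MSGCLASS=X
//*
//* Added example, assuming RACF as the ESM.
//* MVDB2   = product ID for MainView for DB2 (from this page)
//* MVUSERS = hypothetical group of users allowed to sign on
//* MVPASID = hypothetical user ID of another PAS that communicates
//*           with this PAS and therefore also signs on to it
//*
//* Step order:
//*  1. Define the APPL profile with no default access, so only
//*     explicitly permitted IDs pass the sign-on check.
//*  2. Permit the user group and the communicating PAS.
//*  3. Activate and RACLIST the class (harmless if already done),
//*     then refresh the in-storage profiles.
//*  4. List the profile and its access list to confirm the result.
//*
//TSOBATCH EXEC PGM=IKJEFT01
//SYSTSPRT DD SYSOUT=*
//SYSTSIN  DD *
  RDEFINE APPL MVDB2 UACC(NONE)
  PERMIT MVDB2 CLASS(APPL) ID(MVUSERS) ACCESS(READ)
  PERMIT MVDB2 CLASS(APPL) ID(MVPASID) ACCESS(READ)
  SETROPTS CLASSACT(APPL) RACLIST(APPL)
  SETROPTS RACLIST(APPL) REFRESH
  RLIST APPL MVDB2 AUTHUSER
/*
```

Repeat the RDEFINE and PERMIT commands for each product ID in use at the site; COMMON needs no APPL profile because it is never passed to the ESM as an APPL entity name.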
