Setting up security authorizations for BCPii


Use the following procedure to set up the security authorizations required by the BCPii application.

  1. In the Facility resource class, grant the following authorities in the listed profiles:

    Note

    These authorizations apply to the RACLIST Facility class. If you are running a security product other than IBM RACF, you should specify equivalent structures to Class and Facility.

    Authority: Read

    In this profile: HWI.APPLNAME.HWISERV

    This profile controls access to general BCPii commands.


    Example 1

    Provides general RACF security authority access to the Facility of HWISERV:

    RDEFINE FACILITY HWI.APPLNAME.HWISERV UACC(NONE)
    PERMIT HWI.APPLNAME.HWISERV CLASS(FACILITY) ID(<userID>) ACCESS(READ)
    SETROPTS RACLIST(FACILITY) REFRESH

    Example 2

    Provides general CA Top Secret security authority access to the Facility of HWISERV:

    TSS PERMIT(<userID>) IBMFAC(HWI.APPLNAME.HWISERV) ACCESS(READ)


    Authority: Control

    In this profile: HWI.TARGET.netID.nau

    This profile controls BCPii connect access to a CPC.

    netID.nau represents the 3-17-character SNA name of the CPC where you want to run iCap.

    Granting BCPii access to these resources enables the iCap BCPii Routine to adjust an LPAR's defined capacity (DC) or a capacity group's group capacity limit (GCL) in your Hardware Management Console (HMC) interface. iCap requires Control access to every CPC that hosts LPARs that you want iCap to manage.

    Tip

    You can find the netID.nau.imageName element in your HMC by accessing the Support Element (SE).

    Example 1

    Provides specific RACF security access to a particular resource, in this case a CPC:

    RDEFINE FACILITY HWI.TARGET.IBM390PS.CPC001 UACC(NONE)
    PERMIT HWI.TARGET.IBM390PS.CPC001 CLASS(FACILITY) ID(<userID>) ACCESS(CONTROL)
    SETROPTS RACLIST(FACILITY) REFRESH

    The element IBM390PS.CPC001 refers to the netID.nau of the CPC that the master PAS is monitoring. In this case, the CPC name is CPC001.


    Example 2

    Provides specific CA Top Secret security access to a particular resource, in this case a CPC:

    TSS PERMIT(<userID>) IBMFAC(HWI.TARGET.IBM390PS.CPC001) ACCESS(CONTROL)

    Authority: Update

    In this profile: HWI.TARGET.netID.nau.imageName

    This profile controls BCPii access to an LPAR.

    imageName represents the 1-8-character LPAR name.

    Note

    iCap requires LPAR-level access to all of the LPARs that you want iCap to manage, whether they are to be managed as an individual LPAR or a group.

    This requirement enables iCap to change the defined capacities of LPARs and the group capacity limits, and to recognize LPARs that are running z/OS so that it can exclude non-z/OS LPARs.

    Tip

    You can find the netID.nau.imageName element in your HMC by accessing the Support Element (SE).


    Example 1

    Provides specific RACF security access to a particular resource, in this case an LPAR image:

    RDEFINE FACILITY HWI.TARGET.IBM390PS.BRYALS.SJSB UACC(NONE)
    PERMIT HWI.TARGET.IBM390PS.BRYALS.SJSB CLASS(FACILITY) ID(<userID>) ACCESS(UPDATE)
    SETROPTS RACLIST(FACILITY) REFRESH

    The element IBM390PS.BRYALS.SJSB refers to the netID.nau.imageName of the LPAR that the master PAS is monitoring. In this case, the LPAR name is SJSB.


    Example 2

    Provides specific CA Top Secret security access to a particular resource, in this case an LPAR image:

    TSS PERMIT(<userID>) IBMFAC(HWI.TARGET.IBM390PS.BRYALS.SYS) ACCESS(UPDATE)
    TSS REFRESH(<userID>) JOBNAME(JOB1)

    The element SYS refers to an LPAR. By default, CA Top Secret treats SYS as the wildcard value SYS*. That is, CA Top Secret searches for any LPAR starting with SYS.


    Note

    If you do not complete the setup of the BCPii security authorizations, you cannot run iCap in manage mode. If you configure iCap to run in manage mode anyway, iCap switches to observe mode and runs with Policy=NO-POLICY.

    For more information about activating BCPii, see the chapter describing the BCPii in the IBM manual MVS Programming: Callable Services for High-Level Languages.
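
The three profile types and access levels above, together with the CA Top Secret prefix behavior, as an added example that is not part of the original page or of iCap. It builds the RACF commands for a set of CPCs and LPARs and lists unmanaged LPARs that a prefix-matched Top Secret permit would also cover; the character set used to validate names, the function names and the sample LPAR inventory are assumptions.

```python
import re

# Assumed character set; the lengths come from the page (netID.nau 3-17, imageName 1-8).
NAU = re.compile(r"[A-Z0-9@#$]{1,8}\.[A-Z0-9@#$]{1,8}")
IMAGE = re.compile(r"[A-Z0-9@#$]{1,8}")


def profiles(cpcs):
    """cpcs maps netID.nau -> list of managed LPAR names; returns [(profile, access)]."""
    out = [("HWI.APPLNAME.HWISERV", "READ")]          # general BCPii commands
    for cpc, images in cpcs.items():
        if not NAU.fullmatch(cpc):
            raise ValueError(f"invalid netID.nau: {cpc!r}")
        out.append((f"HWI.TARGET.{cpc}", "CONTROL"))  # connect access to the CPC
        for image in images:
            if not IMAGE.fullmatch(image):            # also rejects generics such as SYS*
                raise ValueError(f"invalid imageName: {image!r}")
            out.append((f"HWI.TARGET.{cpc}.{image}", "UPDATE"))  # LPAR access
    return out


def racf_commands(cpcs, user_id="<userID>"):
    """Discrete profiles with UACC(NONE), one PERMIT each, then a single refresh."""
    cmds = []
    for profile, access in profiles(cpcs):
        cmds.append(f"RDEFINE FACILITY {profile} UACC(NONE)")
        cmds.append(f"PERMIT {profile} CLASS(FACILITY) ID({user_id}) ACCESS({access})")
    cmds.append("SETROPTS RACLIST(FACILITY) REFRESH")
    return cmds


def tss_prefix_overreach(cpcs, inventory):
    """LPARs outside the managed set that a Top Secret permit for a managed
    LPAR would also match when the name is treated as a prefix (SYS -> SYS*)."""
    hits = []
    for cpc, managed in cpcs.items():
        for lpar in inventory.get(cpc, []):
            for name in managed:
                if lpar not in managed and lpar.startswith(name):
                    hits.append((f"HWI.TARGET.{cpc}.{name}", lpar))
    return hits


if __name__ == "__main__":
    managed = {"IBM390PS.BRYALS": ["SYS", "SJSB"]}                       # constructed
    inventory = {"IBM390PS.BRYALS": ["SYS", "SYSTEST", "SJSB", "LNX1"]}  # constructed
    print("\n".join(racf_commands(managed)))
    for permit, lpar in tss_prefix_overreach(managed, inventory):
        print(f"TSS permit on {permit} would also cover LPAR {lpar}")
```

Any LPAR reported by tss_prefix_overreach would receive Update access through the prefix match even though it is not in the managed set.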

 


 


Intelligent Capping for zEnterprise 3.0