The Resource Access Control Facility (RACF) server class profiles
are used to control dynamic application environments. Dynamic application
environments are displayed and controlled separately from static application
environments.
Before you begin
Note: To use dynamic application environment commands you must be
running z/OS Version 1 Release 4 or above with the WLM-DAE support PTF APAR
OW54622 enabled.
To set up both the three-part or four-part RACF
server class profiles for the application server or cluster for your dynamic
application environment, the user ID for the servant must be given read access
to both of the profiles.
About this task
The Resource Access Control Facility (RACF) server class profiles
are used to:
- Permit the unauthorized WebSphere Application Server servant access to
controller services
- Control dynamic application environments, which are displayed and controlled
differently from static application environments
Choose between two SERVER class profiles. You need one of these
profiles, and which profile you need correlates to dynamic application environment
(DAE) support.
Procedure
- Use the profile for dynamic application environments.
When
Dynamic Application Environments are supported, use:
RDEFINE SERVER CB.<server>.<cluster>.<cell> UACC(NONE)
PERMIT <SR_userid> ACC(READ)
- Use the profile for static application environments.
When
Dynamic application environments are not supported (static application environments),
use:
RDEFINE SERVER CB.<server>.<cluster> UACC(NONE)
PERMIT < SR_userid> ACC(READ)
Example
The existing three-part profile
has the form:
<subsystem_type>.<subsystem_name>.<application_environment_name>
where:
- <subsystem_type> is CB
- <subsystem_name> is the application server short
name.
- <application_environment_name> is the application
server generic short name, as specified in the WebSphere Application Server
variables. If the server resides in a cluster, the name specified here must
match the cluster short name. If the server does not reside in a cluster,
the name must match the name specified on the ClusterTransitionName custom
property for the server .
The four-part profile adds the
cell name to avoid ambiguities with existing profile names. The four-part
profile has the form:
<subystem_type>.<subsystem_name>.<application_environment_name>.<cell_name>
where:
- <cell_name> is the short name of the cell containing
this application server.
Three-part profile
names:
- CB.T5SRV1.T5CL1 (the application server with the short name T5SRV1 and
generic short name T5CL1)
- CB.*.T5CL1 (all application servers in the generic short name of T5CL1)
- CB.*.* (any application server in the sysplex)
Four-part profile names:
- CB.T5SRV1.T5CL1.T5CELL (the application server with the short name T5SRV1,
and generic short name T5CL1 that resides in the cell T5CELL)
- CB.*.T5CL1.T5CELL (all servers in the generic short name of T5CL1 in the
T5CELL)
- CB.*.*.T5CELL (any server in the cell named T5CELL)
If you do not want to discriminate between any of the application
servers, you can eliminate all the specified profiles and use a generic form
to cover the three and four-part names for all the servers in the sysplex: