This was discussed on RACF-L recently. Bottom line seemed to be that Special and UID(0) were not really required if you set it up correctly. Document corrections are pending :)
> -----Original Message----- > From: IBM Mainframe Discussion List [mailto:[EMAIL PROTECTED] On > Behalf Of Larre Shiller > Sent: Friday, January 11, 2008 8:06 PM > To: [email protected] > Subject: Re: CEA RACF userid and SPECIAL > > Hi Dennis - > > Yes, we have defined CEA, but we use Top Secret. In case you have not > already seen this, I previously found the following information in a > manual > (can't remember where) that may be of some help (sorry about the > formatting- > -it was originally cut from a pdf and pasted into an e-mail and then > cut/pasted from there into here!). It doesnt really specifically answer > the > question that you had asked, but for what it's worth: > > Configure CEA to work with z/OS by updating the RACF(r) database to |permit > CEA to use the automatic restart manager (ARM). Use this command: | > ADDUSER CEA DFLTGRP(SYS1) OMVS(UID(0) HOME('/') FILEPROCMAX(1024)) > SPECIAL > |RDEFINE STARTED CEA.** STDATA(USER(CEA) GROUP(SYS1) TRACE) > | > Define the OMVS segment that allows CEA to work in the UNIX(r) environment. > |Use this command: | > ADDUSER CEA DFLTGRP(SYS1) OMVS(UID(0) HOME('/') FILEPROCMAX(1024)) > SPECIAL > | | > Note:| > It is possible to have CEA start in full function mode |without this setup > being > performed. This is because of the way that RACF can be configured |to > handle > tasks that do not have user IDs of their own. Because CEA is a started > |task, > its RACF user ID does not have to be "CEA". If the STARTED class or > |started > procedures table (ICHRIN03) contains a user ID other than "CEA", |CEA will > have that user ID assigned to it. For example, a generic entry might > |specify > that a user ID such as STCUSER should be assigned to any started task > |that > is not defined with its own entry. If the user ID "CEA" was not |set up > and > assigned to the started task, the generic entry would be used and |an > IEF695I message would indicate that START CEA was assigned to the generic > |user ID. | > If the default user ID that is assigned does not have an OMVS segment, |a > default OMVS segment is sought through the FACILITY class profile > BPX.DEFAULT.USER. RACF uses the default OMVS segment if the CEA task is > running with a RACF-defined |user ID and the BPX.DEFAULT.USER facility > class > is set up. However, if the |BPX.DEFAULT.USER facility class profile is > missing > or not set up correctly, |no OMVS segment will be associated with the > default > user ID and CEA will start |in minimum mode. > > Larre Shiller > US Social Security Administration > > "The contents of this message are mine personally and do not necessarily > reflect any official position of the US Government or the US Social > Security > Administration." > > ---------------------------------------------------------------------- > For IBM-MAIN subscribe / signoff / archive access instructions, > send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO > Search the archives at http://bama.ua.edu/archives/ibm-main.html ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
