Re: Operational Decision Manager for z/OS®
On the CA website, https://communities.ca.com/ You can find a TSS group Easy to join if you have a site ID Lizette > -Original Message- > From: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU] On > Behalf Of Steely.Mark > Sent: Friday, December 02, 2016 4:46 PM > To: IBM-MAIN@LISTSERV.UA.EDU > Subject: Operational Decision Manager for z/OS® > > This may not be the best place to ask this but maybe someone can direct me to > a TSS listserv. > > The RACF stuff needs to be converted to TSS. > > I can't find anything is TSS that reference class(server). > > I am new to the TSS world. We are z/OS v.2.2 and I think TSS is R15. > > Any help would be appreciated. > > Thanks > > The Liberty Profile server requires multiple SAF profiles in the STARTED and > SERVER classes. Proceed as follows to create them. > Procedure > 1.The user ID that the angel process runs under needs the SAF STARTED > profile, for example: > > 2.RDEFINE STARTED BBGZANGL.* UACC(NONE) STDATA(USER()) > SETROPTS RACLIST(STARTED) REFRESH > The Operational Decision Manager for z/OS zRule Execution Server for z/OS > Liberty server runs under the authority of the zRule Execution Server for z/OS > started task user ID. This user ID needs to be able to connect to the angel > process to use authorized services. > > 3.To allow the zRule Execution Server for z/OS Liberty server to connect > to the angel process, create a profile for the angel process (BBG.ANGEL) in > the SERVER class. Give the zRule Execution Server for z/OS started task user > ID () authority to access it, for example, in RACF: > > 4.RDEFINE SERVER BBG.ANGEL UACC(NONE) > PERMIT BBG.ANGEL CLASS(SERVER) ACCESS(READ) ID() > > 5.To allow a Liberty server to use the z/OS authorized services, create a > SERVER profile for the authorized module BBGZSAFM and allow the zRule > Execution Server for z/OS started task user ID () to the > profile. This action allows a Liberty server to use the z/OS Authorized > services, for example, in RACF: > > 6.RDEFINE SERVER BBG.AUTHMOD.BBGZSAFM UACC(NONE) > PERMIT BBG.AUTHMOD.BBGZSAFM CLASS(SERVER) ACCESS(READ) ID() > > 7.To allow the zRule Execution Server for z/OS Liberty server to access > the services necessary for security, create a profile for the SAF authorized > user registry services and SAF authorization services (SAFCRED) in the SERVER > class. Give the zRule Execution Server for z/OS started task user ID > () authority to access it, for example, in RACF: > > 8.RDEFINE SERVER BBG.AUTHMOD.BBGZSAFM.SAFCRED UACC(NONE) > PERMIT BBG.AUTHMOD.BBGZSAFM.SAFCRED CLASS(SERVER) ACCESS(READ) > ID() > > 9.Refresh the SERVER resource: > SETROPTS RACLIST(SERVER) REFRESH > -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
Re: Operational Decision Manager for z/OS®
The one time I had to do this, we called support and CA asked us for the RACF command list and sent the equivalent TSS translations back to us. I got the feeling that's normal operations for them. Steely.Mark wrote: This may not be the best place to ask this but maybe someone can direct me to a TSS listserv. The RACF stuff needs to be converted to TSS. I can't find anything is TSS that reference class(server). I am new to the TSS world. We are z/OS v.2.2 and I think TSS is R15. Any help would be appreciated. Thanks -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
Operational Decision Manager for z/OS®
This may not be the best place to ask this but maybe someone can direct me to a TSS listserv. The RACF stuff needs to be converted to TSS. I can't find anything is TSS that reference class(server). I am new to the TSS world. We are z/OS v.2.2 and I think TSS is R15. Any help would be appreciated. Thanks The Liberty Profile server requires multiple SAF profiles in the STARTED and SERVER classes. Proceed as follows to create them. Procedure 1. The user ID that the angel process runs under needs the SAF STARTED profile, for example: 2. RDEFINE STARTED BBGZANGL.* UACC(NONE) STDATA(USER()) SETROPTS RACLIST(STARTED) REFRESH The Operational Decision Manager for z/OS zRule Execution Server for z/OS Liberty server runs under the authority of the zRule Execution Server for z/OS started task user ID. This user ID needs to be able to connect to the angel process to use authorized services. 3. To allow the zRule Execution Server for z/OS Liberty server to connect to the angel process, create a profile for the angel process (BBG.ANGEL) in the SERVER class. Give the zRule Execution Server for z/OS started task user ID () authority to access it, for example, in RACF: 4. RDEFINE SERVER BBG.ANGEL UACC(NONE) PERMIT BBG.ANGEL CLASS(SERVER) ACCESS(READ) ID() 5. To allow a Liberty server to use the z/OS authorized services, create a SERVER profile for the authorized module BBGZSAFM and allow the zRule Execution Server for z/OS started task user ID () to the profile. This action allows a Liberty server to use the z/OS Authorized services, for example, in RACF: 6. RDEFINE SERVER BBG.AUTHMOD.BBGZSAFM UACC(NONE) PERMIT BBG.AUTHMOD.BBGZSAFM CLASS(SERVER) ACCESS(READ) ID() 7. To allow the zRule Execution Server for z/OS Liberty server to access the services necessary for security, create a profile for the SAF authorized user registry services and SAF authorization services (SAFCRED) in the SERVER class. Give the zRule Execution Server for z/OS started task user ID () authority to access it, for example, in RACF: 8. RDEFINE SERVER BBG.AUTHMOD.BBGZSAFM.SAFCRED UACC(NONE) PERMIT BBG.AUTHMOD.BBGZSAFM.SAFCRED CLASS(SERVER) ACCESS(READ) ID() 9. Refresh the SERVER resource: SETROPTS RACLIST(SERVER) REFRESH -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
