OMVS Definitions for Access to UNIX System Services (USS) Files under RACF

If you want the platform server to access OpenEdition USS files, you must configure the user associated with the platform server started task as a superuser.

The platform server reads the USS directory structure, and performs authorization checking to ensure that users are authorized to access the USS files. All platform server files are opened and accessed under the security environment of the user requesting the transfer.

To configure the platform server user ID a superuser, add the following definition for the platform server user ID:

ALU (FUSUSER) OMVS(UID(0))

With this definition, the platform server can perform authorization checking on behalf of another user.
Note: The OMVS segment is required only if USS file access is required.
You must define the following facility resources on your system:
  • BPX.SUPERUSER
  • BPX.DAEMON
If these resources are not defined on your system, you can define them using the following commands: 
RDEFINE FACILITY BPX.SUPERUSER UACC(NONE)
RDEFINE FACILITY BPX.DAEMON UACC(NONE)

The user associated with the platform server started task must be given authorization to access these resources. The following command gives authorization to the platform server: 

PERMIT BPX.SUPERUSER CLASS(FACILITY) ID(fususer) ACCESS(READ)
PERMIT BPX.DAEMON CLASS(FACILITY) ID(fususer) ACCESS(READ)

Where fususer stands for the user associated with the platform server started task.

Note: Based on your RACF definition, you might have to issue the SETROPTS REFRESH command to refresh the RACF storage tables.

Any user that requires OMVS facilities, including the platform server started task user, must be defined with the OMVS segment of the RACF profile to indicate that the user is authorized for OMVS.