Defining TIBCO MFT Platform Server for z/OS as a Multiple-User Address Space

To define TIBCO MFT Platform Server for z/OS to RACF as a multiple-user address space, you must define the RACF user ID under which the platform server started task runs and update the RACF started procedures table.

Procedure

  1. Define the RACF user ID under which the platform server started task runs.

    You must choose the RACF profile name (namely the user ID) under whose privileges the platform server will run. This must be a new profile name created specifically for TIBCO MFT Platform Server for z/OS.

    You can create a new user ID by using the ADDUSER command, and then assign the user to a RACF group.

    The user defined must have rights to any data set that the platform server might access. The format of the ADDUSER command is as follows:

    ADDUSER (fususer) DFLTGRP(fusgroup) OMVS(UID(nnnnn))

    Where:
    • fususer is the name of the platform server user.
    • fusgroup is the name of the default group for the platform server user. To use TCP/IP connectivity, this group requires a GID of 0.
    • nnnnn is the OpenMVS UID assigned to the user for TCP/IP connectivity.
    Note: The user name defined must match the user name added to the ICHRIN03 module. For RACFV2, the user name defined must match the name of the user added to the STARTED class for the platform server.

    For example, the following command adds a user called FUSUSER and specifies the default group as STASKS. The group STASKS must be previously defined to RACF. An OpenMVS segment is also created for the platform server ID with the UID of 100100.

    ADDUSER (FUSUSER) DFLTGRP(STASKS) OMVS(UID(100100))

  2. Update the RACF started procedures table to include a new entry for the name of the platform server started task.

    The RACF started procedures table can be updated by adding the platform server to the RACF STARTED resource class. The format of the command is as follows:

    RDEFINE STARTED (member.jobname) STDATA(USER(userid), GROUP(groupid), TRUSTED(YES))

    Where:
    • STARTED specifies the RACF resource class.
    • member.jobname specifies the name of the platform server PROC. If a job card is present, jobname specifies the name of the job. Otherwise, jobname must match the member name.
    • STDATA defines the STARTED class data.
    • userid defines the user ID defined for the platform server.
    • groupid defines the group defined for the platform server. If this parameter is not defined, the default group for the platform server user is used.
    • TRUSTED(YES) defines the user as a trusted user.
      Note: This parameter is optional. If you do not want to provide the trusted user attribute, you must grant the platform server user the rights to access any necessary data sets and update any necessary password.

    For more information, see these IBM manuals: RACF Security Administrator's Guide and RACF Command Language Reference.

  3. Authorize the platform server started task to issue operator commands by using the following RACF command:

    PERMIT MVS.MODIFY.STC.fusionstc.* CLASS(OPERCMDS) ID(fususer) ACCESS(UPDATE)

    Normally the platform server can run without this authorization. The platform server detects when TCP/IP is stopped. With this authorization, when TCP/IP is brought up again, the platform server can restart the TCP services by internally issuing two platform server operator commands to stop and start the TCP interface.
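
The three steps above as one batch TSO job, using the alternative described in the TRUSTED(YES) note: the started task is defined with TRUSTED(NO) and given explicit permissions instead. This is an added example, not part of the TIBCO documentation. The job card, the PROC name FUSION, and the data set profile 'MFT.PROD.**' are assumptions, and the STARTED and OPERCMDS classes are assumed to be active and RACLISTed.

```jcl
//RACFMFT  JOB (ACCT),'MFT RACF SETUP',CLASS=A,MSGCLASS=X
//* Added example, not TIBCO's job. FUSUSER, STASKS and UID 100100
//* come from the page's ADDUSER example. Assumed values: the job
//* card, the PROC name FUSION (no job card, so jobname = member),
//* and the data set profile 'MFT.PROD.**' (must already exist).
//*
//* 1. ADDUSER  - started-task user ID with an OMVS segment.
//* 2. RDEFINE  - STARTED entry. The page's form is TRUSTED(YES);
//*               TRUSTED(NO) is used here, so the server's access
//*               is decided by the permissions granted below.
//* 3. PERMIT   - explicit data set access that TRUSTED(NO) requires.
//* 4. RDEFINE/PERMIT OPERCMDS - lets the server issue the operator
//*               commands that restart its TCP interface. The
//*               OPERCMDS profile is assumed not yet defined.
//* 5. SETROPTS - refresh in-storage profiles so changes take effect.
//* 6. RLIST/LISTUSER - print the result to SYSTSPRT for review.
//*
//TSOBATCH EXEC PGM=IKJEFT01
//SYSTSPRT DD SYSOUT=*
//SYSTSIN  DD *
  ADDUSER (FUSUSER) DFLTGRP(STASKS) OMVS(UID(100100))
  RDEFINE STARTED (FUSION.FUSION) -
    STDATA(USER(FUSUSER) GROUP(STASKS) TRUSTED(NO))
  PERMIT 'MFT.PROD.**' ID(FUSUSER) ACCESS(UPDATE) GENERIC
  RDEFINE OPERCMDS (MVS.MODIFY.STC.FUSION.*) UACC(NONE)
  PERMIT MVS.MODIFY.STC.FUSION.* CLASS(OPERCMDS) -
    ID(FUSUSER) ACCESS(UPDATE)
  SETROPTS GENERIC(DATASET) REFRESH
  SETROPTS RACLIST(STARTED OPERCMDS) REFRESH
  RLIST STARTED (FUSION.FUSION) STDATA
  RLIST OPERCMDS (MVS.MODIFY.STC.FUSION.*) AUTHUSER
  LISTUSER (FUSUSER) OMVS
/*
```

In the SYSTSPRT output, the STDATA section of the RLIST STARTED listing should show the expected user, group and TRUSTED setting, and the OPERCMDS access list should contain only the platform server user ID with UPDATE.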