OMVS Definitions for Access to HFS Files under Top Secret

If you want the platform server to access OpenEdition HFS files, you must configure the user associated with the platform server started task as a superuser.

This is required because the platform server reads the HFS directory structure, and performs authorization checking to ensure that users are authorized to access the HFS files. All platform server files are opened and accessed under the security environment of the user requesting the transfer.

You must define the following facility resources on your system:
  • BPX.SUPERUSER
  • BPS.DAEMON

If these resources are not defined on your system, you can define them by using the following commands:

TSS ADD(TSSUSER) IBMFAC(BPX)

The user associated with the platform server started task must be given authorization to access these resources. You can use the following commands: 
TSS PERMIT(fususer) IBMFAC(BPX.SUPERUSER) ACCESS(READ)
TSS PERMIT(fususer) IBMFAC(BPX.DAEMON) ACCESS(READ)

Where fususer stands for the user associated with the platform server started task.

Any user that requires OMVS facilities, including the platform server started task user, must be defined with the OMVS segment of the RACF profile to indicate that the user is authorized for OMVS.