Preinstallation

Prior to installing TIBCO MFT Platform Server for z/OS, you must make the necessary RACF definitions for the Platform Server Started task. Prior to the installation, a user ID must be created for the Platform Server started task. This information is described in detail in the TIBCO® Managed File Transfer Platform Server for z/OS Installation and Operation Guide.

Defining the Start Task User ID

There are 2 ways to define the start task user ID:

TRUSTED(Yes): If the value is Yes, the Platform Server started task has very high rights to datasets on the z/OS system.

TRUSTED(No): If the value is No, the Platform Server started task has limited rights to datasets on the z/OS system. You must define the MFT Platform Server user with the rights to access any datasets required by the Platform Server started task and the right to update password (if users are allowed to change their password through Platform Server).

When TRUSTED(No) is defined, you must set the following Global fields:

Field Description

DNI_USERID Defines the RACF user that will be used when using the DNI Feature. DNI scans for z/OS files matching filter criteria and transfers the files to a remote Platform Server. The DNI Scan is performed under the authorization of the Started Task user when this parameter is not defined. When this parameter is defined, the DNI Scan is performed under the authorization of the DNI_USERID. If a DNI transfer is performed, the transfer is executed under the authorization of the DNI_USERID.

SAPI_USERID Defines the RACF user that will be used when using the SAPI (Sysout API) feature. The SAPI interface scans the JES queue for SYSOUT files matching filter criteria and transfers the SYSOUT data to a remote Platform Server. The SAPI scan is performed under the authorization of the Started Task user when this parameter is not defined. When this parameter is defined, the SAPI Scan is performed under the authorization of the SAPI_USERID. If a SAPI transfer is performed, the transfer is executed under the authorization of the SAPI_USERID.

Field	Description
`DNI_USERID`	Defines the RACF user that will be used when using the DNI Feature. DNI scans for z/OS files matching filter criteria and transfers the files to a remote Platform Server. The DNI Scan is performed under the authorization of the Started Task user when this parameter is not defined. When this parameter is defined, the DNI Scan is performed under the authorization of the DNI_USERID. If a DNI transfer is performed, the transfer is executed under the authorization of the DNI_USERID.
`SAPI_USERID`	Defines the RACF user that will be used when using the SAPI (Sysout API) feature. The SAPI interface scans the JES queue for SYSOUT files matching filter criteria and transfers the SYSOUT data to a remote Platform Server. The SAPI scan is performed under the authorization of the Started Task user when this parameter is not defined. When this parameter is defined, the SAPI Scan is performed under the authorization of the SAPI_USERID. If a SAPI transfer is performed, the transfer is executed under the authorization of the SAPI_USERID.

Surrogate Checking

By default,TIBCO MFT Platform Server for z/OS runs transfers under the user ID of the user that initiated the transfer. If USERA wants to execute the transfer under the authorization of USERB, USERA can use one of the two choices provided:

Enter the local user ID and password of USERB when initiating the transfer.
Define a surrogate class that gives USERA the right to initiate transfers as USERB without specifying the password for USERB.

Note: Surrogate checking only applies to transfers initiated by TIBCO MFT Platform Server for z/OS. Surrogate checking is not performed when a Platform Server partner initiates a transfer to TIBCO MFT Platform Server for z/OS.

For additional RACF definitions, see the Installation and Configuration section.