On an ongoing basis, the data in the audit log must be archived to an external file and deleted from the TIBCO Object Service Broker table. For security reasons, the only way to archive the data is to use either:
To run the PURGELOG tools, both the Data Object Broker and the Execution Environment must run on the same z/OS domain and be connected by z/OS Cross Memory Services (XMS). This ensures that the audit log data is protected by the resource-owning z/OS security definitions. To use XMS, both the Data Object Broker and the Execution Environment must run as Authorized Program Facility (APF) authorized programs.
Through the z/OS security interface, System Authorization Facility (SAF), a RACROUTE call is made to a SAF-compliant security package such as CA‑ACF2, RACF, or CA-Top Secret to verify access to the archive files.
To run the PURGELOG tools, two security definitions, nodename.SPECFILE and nodename.PURGELOG, must be defined to the external security system. The nodename is specified via the NODENAME Data Object Broker parameter.
nodename.SPECFILE must be specified as the name of the external security definition to which the user must be granted access before the user can specify the name of the archive file from within the PURGELOG tools. The definition must also identify the name of the TIBCO Object Service Broker node where the data is stored. It must be defined to the external security system in the form:
nodename.SPECFILE.
nodename.PURGELOG must be specified as the name of the external security definition to which the user must be granted access before the user can archive the data from within the PURGELOG tools. The definition must also identify the name of the TIBCO Object Service Broker node where the data is stored. It must be defined to the external security system in the form:
nodename.PURGELOG.
The following SAF parameters and values are defined for the RACROUTE macro definition. You must take these into consideration when defining the security definitions for your site:
Samples are provided with TIBCO Object Service Broker to assist you with preparing your security setup for your purge log functions. Your preparation depends on the external security package in use at your site. The following table lists the samples that are shipped with the CNTL data set distributed with TIBCO Object Service Broker: