Starting with z/OS® V2R2, the minimum authorization requirements for the callers of Workload Management services IWMSRDRS (Deregister a server for sysplex routing) and IWMSRSRG (Register a server for sysplex routing) are as follows.
If resource BPX.WLMSERVER is defined in the FACILITY class, an unauthorized caller requires access authority to this resource or the IWM.SERVER.REGISTER resource in the FACILITY class.
If the server to be registered or deregistered is not the home address it is an unauthorized caller, one of the following is required:
- Supervisor state.
- Program key mask (PKM) allowing at least one of the keys 0-7.
- The caller has at least READ authority to the resource IWM.SERVER.REGISTER in the FACILITY class. If this resource is not defined, READ authority to the FACILITY class resource BPX.WLMSERVER is required.
Sample ACF2 resource rules follow.ACF
RECKEY BPX ADD( WLMSERVER UID(UID string of unauth caller) SERVICE READ(ALLOW))
RECKEY IWM ADD( SERVER.REGISTER UID(UID string of unauth caller) SERVICE READ(ALLOW))
For more information, see IBM z/OS MVS Programming: Workload Management Services.