What RACF permissions are needed for the Sysview MVS monitor DB2 option?
Release : 20.0
Component : CA Insight Database Performance Monitor for DB for z/OS
The following RACF statements are needed for the Sysview MVS monitor (DB2 option):
RDEFINE APPL DB2TOOLS UACC(NONE) <== define the DB2TOOLS application
SETROPTS CLASSACT(APPL) <== activate the APPL class if currently not active
SETROPTS GENERIC(PTKTDATA) <== specify this command if you want to implement a generic user ID
SETROPTS CLASSACT(PTKTDATA) RACLIST(PTKTDATA) <== activate the PassTicket class if currently not active
RDEFINE PTKTDATA DB2TOOLS SSIGNON(KEYMASKED(SSKEY)) <== define profiles for the applications and specify an encryption key (KEYMASKED). Replace SSKEY with 16 hex digits of your choosing. Each application key must be the same on all systems in the configuration and the values must be secret.
RDEFINE PTKTDATA IRRPTAUTH.DB2TOOLS.* OWNER(userid) UACC(NONE) <== designate no universal access, so that explicit permissions must be granted to individual users
PERMIT IRRPTAUTH.DB2TOOLS.* ID(userid) CLASS(PTKTDATA) ACCESS(UPDATE) <== grant update access to user id
RALTER PTKTDATA DB2TOOLS APPLDATA('NO REPLAY PROTECTION') <== bypass PassTicket replay protection when the threat of PassTicket replay is not a security concern
PERMIT DB2TOOLS CLASS(APPL) ID(userid) <== permit access to the DB2TOOLS application for each CA SYSVIEW for DB2 component user that is permitted to access the component data from CA SYSVIEW for DB2 using Xnet
--
Also, if the Xnet STC user ID is not a logon-capable ID, it is recommended to specify NOOPSPTCKT, or to supply a TSO ID that has an associated password and specify it with the parameter OPSPTCKTID(tso id) in the PXNPARM member used by the Xnet task.
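
The following is an added example, not part of the original article or of the product: a small Python check that reviews a RACF command deck like the one above before it is submitted and generates a random 16-hex-digit KEYMASKED value. The rule names, the SAMPLE_KEYS list, the SECADM owner and the sample deck are assumptions constructed for illustration.

```python
import secrets
import re

# Assumption: well-known sample values that should never be deployed (constructed list).
SAMPLE_KEYS = {"0123456789ABCDEF", "FEDCBA9876543210"}

def new_passticket_key():
    """Return 16 random hex digits (64 bits) from the OS CSPRNG."""
    return secrets.token_hex(8).upper()

def lint_deck(deck):
    """Return (line_number, rule) findings for a RACF command deck."""
    findings = []
    for n, line in enumerate(deck.splitlines(), 1):
        cmd = line.split("<==")[0].strip().upper()  # drop the page-style annotation
        key = re.search(r"KEYMASKED\(([^)]*)\)", cmd)
        if key:
            value = key.group(1)
            if not re.fullmatch(r"[0-9A-F]{16}", value):
                findings.append((n, "KEY_NOT_16_HEX"))
            elif value in SAMPLE_KEYS or len(set(value)) < 4:
                findings.append((n, "KEY_LOOKS_LIKE_SAMPLE"))
        uacc = re.search(r"UACC\((\w+)\)", cmd)
        if cmd.startswith("RDEFINE") and uacc and uacc.group(1) != "NONE":
            findings.append((n, "UACC_NOT_NONE"))
        if "NO REPLAY PROTECTION" in cmd:
            # Acceptable only where replay is not a concern; surfaced for review.
            findings.append((n, "REPLAY_PROTECTION_OFF"))
        if cmd.startswith("PERMIT") and "ID(*)" in cmd:
            findings.append((n, "PERMIT_TO_EVERYONE"))
    return findings

# Constructed sample deck, not taken from a real system.
SAMPLE_DECK = """\
RDEFINE APPL DB2TOOLS UACC(READ)
RDEFINE PTKTDATA DB2TOOLS SSIGNON(KEYMASKED(012345679ABCDEF)) <== 15 digits
RDEFINE PTKTDATA IRRPTAUTH.DB2TOOLS.* OWNER(SECADM) UACC(NONE)
PERMIT IRRPTAUTH.DB2TOOLS.* ID(*) CLASS(PTKTDATA) ACCESS(UPDATE)
RALTER PTKTDATA DB2TOOLS APPLDATA('NO REPLAY PROTECTION')
"""

if __name__ == "__main__":
    for line_no, rule in lint_deck(SAMPLE_DECK):
        print(f"line {line_no}: {rule}")
    print("fresh key:", new_passticket_key())
```

Generate the key once and distribute it over a protected channel, since the same value must be defined on every system in the configuration.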