What setup in ACF2 code is needed for JES2 Privilege Support and LOGON with SUBSYS

book

Article ID: 196577

calendar_today

Updated On:

Products

CA ACF2 CA ACF2 - z/OS CA ACF2 - MISC

Issue/Introduction

JES2 Privilege Support documentation mentions RACF requirement to allow user to logon as Privileged user as follows:


After enabling privilege support, the next step (optional, but recommended) is to define a RACF FACILITY profile for the JES2 emergency subsystem. This profile controls which users can logon and submit batch jobs to the JES2 emergency subsystem. The FACILITY class profile is called JES.EMERGNCY.<subsys> where subsys is the subsystem name defined by the ESUBSYS parameter in the MASDEF statement (the default is HASP). After defining the profile, permit the appropriate user IDs (typically support or operations user IDs) to that profile with READ access.

RACF codes...

RDEF FACILITY JES.EMERGNCY.* UACC(NONE) OWNER(MVSSPT) AUDIT(ALL(READ)) NOTIFY(xxxxx)PE JES.EMERGNCY.* CLASS(FACILITY) ID(MVSSPT) ACC(READ)SETR REFRESH RACLIST(FACILITY)


What is needed with ACF2?

Environment

Release : 16.0

Component : CA ACF2 for z/OS

Resolution

That is a resource rule under the FACILITY class.

$KEY(JES) TYPE(FAC)
EMERGNCY.- UID(uid string of the users) SERVICE(READ) ALLOW

Additional Information

For more information on JES2 Privilege Support, see IBM information here

If you also intend to use the SUBSYS parameter on the LOGON command, you need to apply enhancement PTF SO04448.

ENHANCEMENT DESCRIPTION:                                
Allow the TSO LOGON command SUBSYS parameter to be      
specified on z/OS 2.3 systems. Note that the SUBSYS     
parameter can be specified on the LOGON command but     
is not displayed on the TSO fullscreen LOGON panel.     
                                                        
Sites that intend to exploit the SUBSYS LOGON parameter 
must follow the instructions in the "Secondary JES2     
Subsystems" section of the ACF2 documentation to set up 
ACFRJES2 and ACFUJES2 for the emergency JES2 subsystem.