Received a request to create an alias:
Please create an alias for ARSSOCKD and ARSLOAD with ACID ID ARSSERVR group ARS. Additional information can be found on the below links.
Note** This is referencing IBM RACF. Please use Broadcom Top Secret procedures.
https://www.ibm.com/support/knowledgecenter/SSQHWE_10.5.0/com.ibm.ondemand.configuringzos.doc/dodzc152.htm
https://www.ibm.com/support/knowledgecenter/SSQHWE_10.5.0/com.ibm.ondemand.configuringzos.doc/dodzc154.htm
Release : 16.0
Component : Top Secret
ARSSERVR
A server owning ID.
All RACF groups and users must have OMVS segments assigned.
A DS profile ARS.** to protect the HFS data sets, ARS group is given ALTER access.
A server owning ID named ARSSERVR, connected to ARS group. Assign the OMVS home of /tmp to this ID.
The /tmp directory is a working directory for log files, print data, and other temporary data.
The ARSSERVR ID is set as the owner of the DB2® instance.
This ID will need the appropriate DB2 access, such as DBADM or SYSADM,
for the creation of the storage group, database, table spaces, and so on.
The DBA can adjust the access as required for the ARSSERVR ID, after the installation is completed.
RACF commands are normally issued with: RDEFINE STARTED ...
equivalent of the RDEFINE STARTED ... command is
TSS ADD(STC) PROCNAME(proc) ACID(acid).
TSS CREATE(ARSSERVR) TYPE(USER) NAME('ARSSERVR STC ACID') FAC(STC,DB2 fac) PASSWORD(xxxx,0)
DEPARTMENT(dept)
TSS CRE(ARS) TYPE(GROUP) NAME('ARS GROUP') DEPT(dept)
TSS ADD(ARS) GID(nnn)
TSS ADD(ARSSERVR) UID(0) GROUP(ARS) DFLTGRP(ARS) HOME(/tmp)
TSS ADDTO(STC) ACID(ARSSERVR) PROCNAME(ARSSOCKD)
TSS ADDTO(STC) ACID(ARSSERVR) PROCNAME(ARSLOAD)
Note:
The ARSSERVR ID is set as the owner of the DB2® instance.
This ID will need the appropriate DB2 access, such as DBADM or SYSADM,
for the creation of the storage group, database, table spaces, and so on.
The DBA can adjust the access as required for the ARSSERVR ID, after the
installation is completed.
TSS PER(ARSSERVR) DB2SYS(SYSDBADM)
With the SYSADM authority, an authorization ID can perform the following
actions and grant other IDs the privileges to perform them:
* Use all the privileges of DBADM over any database
* Use EXECUTE privileges on all packages
* Use EXECUTE privileges on all routines
* Use USAGE privilege on distinct types
* Use BIND on any plan and COPY on any package
* Use privileges over views that are owned by others
* Set the current SQL ID to any valid value
* Create and drop synonyms and views for other IDs on any table
* Use any valid value for OWNER in BIND or REBIND
* Drop database DSNDB07
With the SYSADM authority can also perform the following actions but cannot
grant to other IDs the privileges to perform them: