Why does CSM need access to the facilities BPX.SERVER and BPX.DAEMON?

book

Article ID: 48707

calendar_today

Updated On:

Products

CA Compress Data Compression for MVS CA Compress Data Compression for Fujitsu CA Datacom - DB CA Datacom CA Datacom - AD CA Datacom - Server CA Mainframe Software Manager (Chorus Software Manager) CA MICS Resource Management CA CIS CA Common Services for z/OS CA 90s Services CA Database Management Solutions for DB2 for z/OS CA Common Product Services Component CA Common Services CA ecoMeter Server Component FOC CA Easytrieve Report Generator for Common Services CA Infocai Maintenance CA IPC Unicenter CA-JCLCheck Common Component CA Mainframe VM Product Manager CA Chorus Software Manager CA On Demand Portal CA Service Desk Manager - Unified Self Service CA PAM Client for Linux for zSeries CA Mainframe Connector for Linux on System z CA Graphical Management Interface CA Web Administrator for Top Secret CA CA- Xpertware CA Datacom/AD

Issue/Introduction

BPX.SERVER is necessary when you want to use the BPX callable service pthread_security_np(). A server that uses the pthread_security_np() service can customize the RACF identity of a thread. Such server initiates a thread that processes the client's request. If the server customizes the thread initiated for the client with the clients' RACF identity,any resource access decisions to RACF-protected resources are made using the client's RACF identity and authorizations

CSM uses this function when it instantiates a new thread under logged user credentials. Actual CSM tomcat runs under different ACID than logged user has hence when CSM is supposed to allocate DATASET or does an SMP/E operation in context of logged user it must create a new thread within the server address space. CSM has to call pthread_security_np() to instantiate new thread with different (user's) security context.

Access to the facility BPX.DAEMON is not required by CSM. It is required only for the ID installing CSM and can be revoked once the installation is complete.

For additional information on access requirements, for the CSM Tomcat Server and access requirements for the installer of CSM, please see the CSM Install Guide.

Environment

Release: MSMNGR00200-5.1-Chorus Software Manager
Component: