System Authorization Facility (SAF) profile names

(ZOS) System Authorization Facility (SAF) profile names

The Profile Management Tool and the zpmt command generate jobs that help we create the necessary System Authorization Facility (SAF) profiles-such as STARTED, CBIND, or SERVER-that enable the server to run.

At runtime, normal SAF specific and generic profile matching uses a combination of the cell short name, cluster short name (or cluster transition name for a non-clustered server), server short name, and the SAF profile prefix (if one is specified) to select the appropriate matching profile.

WebSphere Application Server for z/OS uses two schemes, specific and generic, in the creation of SAF profiles:

With the specific profile scheme, a set of fully-qualified specific profiles is created to exactly match the short names that apply to the server you customize.
With the generic profile scheme, a set of generic profiles is also created (the STARTED class BBO*.* profiles for example) The purpose of these generic profiles is to provide a default profile for any server created administratively and that has a default name so that the servers can operate successfully by default.
Examples:

An application server created through the administrative console has a default server short name of BBOSnnn and a cluster short name (or cluster transition name for a non-clustered server) of BBOCnnn, where nnn is a unique number. By default, this server can start using the BBO* generic profiles.
Node federation creates a node agent server. If the base application server that we federate is configured with a Java Message Service (JMS) integral provider, then a standalone JMS server is also created. The node agent has a default name of BBONnnn and the JMS server is BBOJnnn, where nnn is a unique number. By default, these servers can start using the BBO* generic profiles.

The generic profiles created are not required and exist only for our convenience in case we use the default server short names and cluster short names (or cluster transition names for non-clustered servers) generated by WAS for z/OS. We can choose to delete the generic profiles if, for example, our organization has particular naming conventions and we will not use the default names generated by WAS for z/OS. In that case, ensure that we have our own strategy for creating the required SAF profiles, either generic or specific, with our own naming convention-WAS for z/OS does not create them for you.