IBM Tivoli Composite Application Manager for Application Diagnostics, Version 7.1.0.1
Set up RACF access to FACILITY profile ERBSDS.MON2DATA
RACF access to FACILITY class profile ERBSDS.MON2DATA is required for z/OS data collectors to access SMF CPU and paging data if that profile has been defined to RACF. If RACF resource FACILITY class profile ERBSDS.MON2DATA has been defined, normally to protect access to RMF™ type 79 record data, ITCAM for Application Diagnostics will be unable to obtain SMF CPU and paging information when it invokes the RMF service ERBSMFI and does not have read access.
The following message is issued because of security checks by RMF Security Access Facility (SAF) calls:
ICH408I USER(userid) GROUP(group_id) NAME(user name ) ERBSDS.MON2DATA CL(FACILITY) INSUFFICIENT ACCESS AUTHORITY FROM ERBSDS.* (G) ACCESS INTENT(READ ) ACCESS ALLOWED(NONE )Failure occurs when the owner IDs of z/OS data collectors hosting applications have not been granted READ access to the profile ERBSDS.MON2DATA.
Owner IDs for all regions running the data collector need to be granted READ access to the ERBSDS.MON2DATA profile. These regions include the ITCAM CYN1 subsystem, and all IBM WAS Servant, CICS, and IMS™ regions that run ITCAM data collectors.
For example, suppose the profile ERBSDS.MON2DATA has been defined using the following command:
RDEFINE FACILITY ERBSDS.MON2DATA UACC(NONE)Then complete the following steps:
- Grant the user ID READ access:
PERMIT ERBSDS.MON2DATA CLASS(FACILITY) ID(userid) ACC(READ)- Activate the changes:
SETROPTS REFRESH RACLIST(FACILITY)
Parent topic:
Set up security