Application Performance Analyzer for z/OS, Version 11.1, Customization Guide

Establishing external security system access rules

The following applies to your External Security System (such as RACF®). Application Performance Analyzer also provides its own access rules facility to complement the external security system. The Application Performance Analyzer access rules are described in Configuring Application Performance Analyzer.

Load library (SCAZAUTH)
You need to grant Application Performance Analyzer users execute access to the product load library SCAZAUTH.
Other libraries
Users should be granted read-only access to all other Application Performance Analyzer libraries.
Checkpoint file
The Application Performance Analyzer started task will allocate a checkpoint file. Application Performance Analyzer uses this data set to record the status of all measurement requests. The checkpoint file is named in the format yourhlq.CheckpointDSN. The Application Performance Analyzer started task must have full access to this data set. Additionally, you should grant full access to the appropriate product support personnel, and read-only access to all other users of Application Performance Analyzer.
Note:
Some installations might need to pre-allocate the checkpoint file. See Pre-allocating a checkpoint data set to determine if this applies to your installation.
Log files
If you choose to activate the logging option, the Application Performance Analyzer started task will allocate and write to log data sets. These data sets record activity within the started task. The Application Performance Analyzer started task must have full access to these data sets. Additionally, you should grant full access to the appropriate product support personnel and deny access to all other users. These data sets have a name in the form:

yourhlq.LOG.Dyyyyddd.Thhmmsst

Common data store file
If you choose to enable the common data store option, the Application Performance Analyzer started task allocates the common data store file if one does not already exist. Application Performance Analyzer uses the common data store file, which is unique to each started task, to record and maintain a list of data set names and directories that contain source program mapping files. It includes source mapping file lists for individual users, as well as those that are common to all users. Individual users maintain their personal lists using the ISPF A03 and A04 panels or the GUI Mapping Repository feature. Administrators maintain the common list using the ISPF A05 panel or the GUI Mapping Repository feature. The common data store file is typically named in the format yourhlq.CDS. The Application Performance Analyzer started task must have full access to this data set. Additionally, you should grant full access to the appropriate product support personnel.
Note:
Some installations might need to preallocate the common data store file. See Pre-allocating a common data store file to determine whether this applies to your installation.
Sample (measurement) files
The Application Performance Analyzer started task creates a measurement file (or "sample" file) for each measurement request that has completed. These data sets contain the measurement data that Application Performance Analyzer uses to produce the performance analysis reports. The Application Performance Analyzer started task must have full access to these data sets. Additionally, you should grant full access to the appropriate product support personnel, and read-only access to all other Application Performance Analyzer users. These data sets are named in the format:

yourhlq.userid.Rnnnn.jobname.SF and

yourhlq.userid.Rnnnn.userID.SF (imported using IMPORT command) and

yourhlq.userid.Rnnnn.importjobname.SF (imported using batch program CAZIMPRT).

You also have the option of overriding the Application Performance Analyzer generated sample data set name by specifying the SampleDSN setting in CONFIG SAMPLE.

SAF FACILITY class authorities
If your installation has activated the SAF FACILITY class for CSVDYNL and or CSVDYNEX, you must authorize the Application Performance Analyzer started task as described in the table below:
Table 3. Class authorities required for SAF FACILITY
Class entity Access authority
CSVDYNL.linklist.TEST  1  READ
CSVDYNEX.LIST READ
CSVDYNEX.SYS.IEFUSI.CAZ00990 UPDATE
CSVDYNEX.SYSJES2.IEFUSI.CAZ00990 (for JES2 environments) UPDATE
CSVDYNEX.SYSJES3.IEFUSI.CAZ00990 (for JES3 environments) UPDATE
CSVDYNEX.SYSSTC.IEFUSI.CAZ00990 UPDATE
CSVDYNEX.SYSTSO.IEFUSI.CAZ00990 UPDATE
CSVDYNEX.BPX_POSPROC_INIT.CAZ00991 UPDATE
Note:
 1  Where linklist is the name of the active LNKLST. This can be displayed on the console with the command:
D PROG,LNKLST,NAME=CURRENT
Non-RACF security
If you are running a security system other than RACF, you might need to give Application Performance Analyzer read access to any protected load libraries it might need to search. Application Performance Analyzer requires access to load libraries in order to gather information about all modules it encounters during an observation session. If the Application Performance Analyzer started task gets S913 abends in a non-RACF environment, protected loadlibs are a likely cause.



Rate this page

[ Top of Page | Previous Page | Next Page | Contents | Index ]