System prerequisites for the CEA TSO/E address space services
Table 1 describes the system prerequisites for using the CEA TSO/E address space services.
Prerequisite | Description |
---|---|
CEA must be active. | The CEA TSO/E address space manager runs in the CEA address
space, which is started automatically during z/OS®
initialization. If your installation stopped CEA, restart it. Otherwise, the services are not
enabled. To determine whether the CEA address space is active, enter the following z/OS system console command:
|
The TRUSTED attribute must be assigned to the CEA started task. | To allow the CEA TSO/E address space manager to access or
create any resource that it needs, the CEA started task requires the TRUSTED(YES) attribute to be
set on the RDEFINE STARTED CEA.** definition. If the TRUSTED attribute is not assigned to the CEA started task, the CEA TSO/E address space manager services might not be operational. For example, the services cannot create or access z/OS UNIX message queues. For more information about the RACF® TRUSTED attribute, see the topic on associating started procedures and jobs with user IDs in z/OS Security Server RACF System Programmer's Guide, and the topic on using started procedures in z/OS Security Server RACF Security Administrator's Guide. |
The CEA address space must be started in full function mode. | Because the CEATsoRequest API requires z/OS UNIX System Services, CEA must be started in full function mode. For information about starting CEA in full function mode, see the topic about customizing CEA in z/OS Planning for Installation. |
The external security manager (ESM) must have sysplex-wide scope. | To create address spaces on other systems in the sysplex, ensure that the security identities of the caller are the same on each system. Your installation must ensure that the REALM class contains a SAFDFLT profile with an application name. In a RACF system, issue a command similar to the following command:
|
Callers must be authorized to SAF resource profile CEA.CEATSO.TSOREQUEST. | To access the CEATsoRequest API, callers must be authorized by their security product to SAF resource profile CEA.CEATSO.TSOREQUEST. |
Ensure that callers are authorized to the
following SAF resource profiles to allow them to send data to systemname: CEA.CEATSO.FLOW.systemname |
To flow data between different systems in the sysplex, ensure that
the caller is authorized by the external security manager (ESM). Because the security database is
sysplex wide in scope, CEA can check for both local and remote permissions on the system that
initiated the request. For example, to flow data between System A and System B, the following
profiles must permit CEA:
|
Users must be authorized to the appropriate resources. | The user ID of the user for whom the caller is requesting TSO/E address space services must be authorized to use TSO/E, OMVS, and any other resources the address space requires. |