Step 12.3 – Specify RACF authorizations

To connect using TCP/IP, you must define a proper OMVS RACF segment for the user ID and Group ID associated with the Print Monitor started task for deferred printing or online environment (OMON or TSO/ISPF) for the Immediate Print.
For details on defining an OMVS RACF segment, see the appropriate IBM documentation for this topic. Users of TOP/SECRET or ACF/2 should refer to their specific product documentation for details about the equivalent definitions in their environment.
If IPv6 is enabled on the system and some CTDS or CTDPC destinations are defined by hostnames (rather than IP addresses), provide RACF (or other security product) authorization for the Print Monitor started task user ID for deferred printing, or OMON or TSO user ID for Immediate Print, in order to read the following files:
- /etc/ipnodes
- Any other files mentioned in the RESOLVER address space SETUP file statements GLOBALIPNODES and DEFAULTIPNODES.
Note that this step might be required even if the hostnames resolve to IPv4 addresses.

File access authorization is not required if ISOCKAPI=SAS is defined in the IP statement of the IOAPARM member. However, this option is not recommended. See "General IP parameters" in the IOA administration chapter of the INCONTROL for z/OS Administrator Guide.

Access authorization can be given by enabling read access to the file using the chmod command.

For example (to allow read access for others):

chmod o+r /etc/ipnodes

The following alternative methods for giving access authorization can be used:
- In the RACF OMVS segment for the Print Monitor /OMON/TSO user, set the User Identifier (UID) to the same UID as the owner of the file as displayed by the 'ls –l' command.
- Connect the Print Monitor/OMON/TSO UID to the same group as the file's group using the RACF CONNECT command.

Parent Topic

Step 12 – Connection with Control-D/Delivery Server (optional)