User ID
<sapsid>adm to Run the SAP Central Services Instance on z/OS
The user ID <sapsid>adm − where <sapsid> is the SAP system identifier − is a z/OS UNIX System Services user ID. This user ID is needed to run the SAP central services instance on z/OS.
Define the following attributes for this user ID:
· <sapsid>adm must be a member of group SAPINST.
· RACF definition with the OMVS segment specifying the UID and GID; as the GID, use the number you have specified for SAPSYS. In a heterogeneous environment with SAP application server instances on other UNIX platforms, the UID must not be 0 and the UID and GID must be the same on all systems. This is important for NFS.
· Home directory is /u/<sapsid>adm. The home directory may be shared with application servers on other UNIX systems.
· As the startup program, specify the C-shell: /bin/csh (see also The C-shell, tcsh, and Korn shell in SAP Planning Guide for z/OS).
· Optionally, specify maximum values for ASSIZEMAX, CPUTIMEMAX, PROCUSERMAX, FILEPROCMAX, and THREADSMAX. This is necessary if the system-wide settings are left at a lower value but the settings are increased for individual users. See Specifying limits for individual users in SAP Planning Guide for z/OS.
· If the <sapsid>adm user enters the z/OS UNIX shell via TSO log-on, the TSO region size must be set to 2 GB and the TIME parameter of the TSO logon procedure must be set to NOLIMIT.
· Since a user ID defined in RACF is always given in uppercase, but UNIX expects the user ID in lowercase, you must define a lowercase alias for the user ID in the file that was specified as USERIDALIASTABLE in parmlib member BPXPRMxx. See Selecting the UNIX System Services parameters in SAP Planning Guide for z/OS. If the file does not exist, create it. The following sample entry was created in USERIDALIASTABLE for the user ID <sapsid>adm of an SAP System with the system identifier C11:
C11ADM c11adm
The table is column-oriented. The uppercase user ID must start in column 1 and the lowercase alias in column 10. The in-storage copy of the table is regularly refreshed by the system. Using the OMVS operator command SET OMVS allows an immediate activation of the changes to that table.
You can verify the definition using the command ID <sapsid>adm. The user name should appear in lowercase characters now.
· For the z/OS UNIX environment, the default language setting, LANG=C, and the default code page, IBM-1047, are to be used; the default is used if the environment variable LC_ALL is not set.
· READ, WRITE, EXECUTE (rwx) permissions to its home directory /u/<sapsid>adm, to /usr/sap/<SAPSID>, to /sapmnt/<SAPSID>, and to all of their subdirectories.
· READ access to the profile BPX.MAPof RACF's FACILITYclass.
PE BPX.MAP CLASS(FACILITY) ACCESS(READ) ID(<SAPSID>adm)
· READ access to the profile BPX.WLMSERVER of RACF's FACILITY class: WLM registration of the SAP SCS instance on z/OS can be enabled by setting the appropriate SAP profile parameter.
PE BPX.WLMSERVER CLASS(FACILITY) ACCESS(READ) ID(<SAPSID>adm)
· READ access to the profile SUPERUSER.FILESYS.PFSCTL of RACF's UNIXPRIVclass.
PE SUPERUSER.FILESYS.PFSCTL CLASS(UNIXPRIV) ACCESS(READ) ID(<SAPSID>adm)
· READ access to the profile ERBSDS.SMFDATA of RACF's FACILITY class. This allows the operating system monitor saposcol to read the SMF records written by RMF.
PE ERBSDS.SMFDATA CLASS(FACILITY) ACCESS(READ) ID(<SAPSID>adm)
· Define the profile BPX.SAFFASTPATH of RACF's FACILITY class. For performance reasons, this profile is strongly recommended. For more information, see the IBM documentation z/OS UNIX System Services Planning, section Establishing the FastPath support for system authorization facility (SAF).
RDEFINE FACILITY BPX.SAFFASTPATH UACC(NONE)
· If the SAP SCS instance on z/OS is started as a started task, the user <sapsid>adm and group SAPSYS must be associated with the started task. This can be achieved by using the RACF STARTED class.