For security, you need to enable these functions. LPARs can read other LPARs' 
configuration or make changes... It is needed for HD, or to reset one LPAR from 
another LPAR's SA code, as an example...

- Taken from the PR/SM Planning Guide, SB10-7153-00

Global performance data control authority 

This control limits the ability of a LP to view CP activity data for other LPs. 
LPs with control authority for global performance data can view CP utilization 
data and Input/Output Processor (IOP) busy data for all of the LPs in the 
configuration. Additionally, gathering of FICON channel measurements requires 
selection of this parameter. Note: Logical partitions that use HiperDispatch 
require global performance data authorization in order to properly utilize 
excess CPU resources in the configuration. With the exception of an LP that is 
a member of a WLM Cluster, an LP without control authority for the performance 
data can view only the CP utilization data for that LP. Use the 
Customize/Delete Activation Profiles task available from the CPC Operational 
Customization tasks list to open a reset or image profile to enable global 
performance data control for an LP. The Global performance data control 
selection is located on the Security page for the LP. Note: An LP running a 
level of RMF that supports FICON requires control authority even if no FICON is 
installed. 

Cross-partition authority 
This control can limit the capability of the LP to issue certain control 
program instructions that affect other LPs. LPs with cross-partition authority 
can issue instructions to perform a system reset of another LP, deactivate any 
other LP, and provide support for the automatic reconfiguration facility. The 
automatic reconfiguration facility permits a backup LP to deactivate a primary 
LP if a problem is detected in the primary LP. The backup LP can then configure 
online, storage resources that become available when the primary LP is 
deactivated. See "CPCs with the Sysplex Failure Manager (SFM)" on page 3-20. 
Use the Customize/Delete Activation Profiles task available from the CPC 
Operational Customization tasks list to open a reset or image profile to enable 
cross-partition authority for an LP. The Cross partition authority selection is 
located on the Security page for the LP.

Regards
Meral
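
An added example, not part of the original post or of IBM's documentation: a least-privilege check that compares the two Security page settings described above against each LP's recorded need. The inventory and its column names are constructed for illustration and are not an HMC export format. Treating ARF backup duty as the only recorded need for cross-partition authority is an assumption; a site would add its own (for example, automation that resets other LPs).

```python
import csv
import io

# Constructed inventory (hypothetical column names, NOT an HMC export format).
# gpd = global performance data control, xpa = cross-partition authority,
# as set on the Security page of each LP's image profile.
SAMPLE = """lpar,gpd,xpa,hiperdispatch,rmf_ficon,arf_backup
PROD1,yes,no,yes,yes,no
PROD2,no,no,yes,no,no
BKUP1,yes,yes,no,yes,yes
TEST1,yes,yes,no,no,no
DEV1,no,no,no,no,no
"""

def audit(inventory_text):
    """Return (lpar, finding) tuples where a setting does not match recorded need."""
    findings = []
    for row in csv.DictReader(io.StringIO(inventory_text)):
        flag = {k: v.strip().lower() == "yes" for k, v in row.items() if k != "lpar"}
        name = row["lpar"]
        # Per the quoted guide: HiperDispatch and FICON-capable RMF need this control.
        needs_gpd = flag["hiperdispatch"] or flag["rmf_ficon"]
        # Assumption: ARF backup duty is the only recorded need for xpa here.
        needs_xpa = flag["arf_backup"]
        if flag["gpd"] and not needs_gpd:
            findings.append((name, "gpd granted without recorded need"))
        if needs_gpd and not flag["gpd"]:
            findings.append((name, "gpd missing but required"))
        if flag["xpa"] and not needs_xpa:
            findings.append((name, "xpa granted without recorded need"))
        if needs_xpa and not flag["xpa"]:
            findings.append((name, "xpa missing but required"))
    return findings

if __name__ == "__main__":
    for lpar, finding in audit(SAMPLE):
        print(f"{lpar}: {finding}")
```
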



-----Original Message-----
From: IBM Mainframe Discussion List [mailto:ibm-m...@bama.ua.edu] On Behalf Of 
Clark Morris
Sent: Thursday, August 19, 2010 1:54 AM
To: IBM-MAIN@bama.ua.edu
Subject: Re: [IBM-MAIN] API or visibility into PR/SM for Vendor-written 
programs?

On 18 Aug 2010 14:22:00 -0700, in bit.listserv.ibm-main you wrote:

>---------------------------------<snip>----------------------------------
>Is there an API or anything similar whereby a vendor-written program 
>could have visibility into a z box at the PR/SM level (other than 
>CSRSI)? Could "see" and potentially make configuration changes to "the 
>whole box" as opposed to a single LPAR? Can one write code that runs at 
>the "box" level, below the LPARs?
>-------------------------------<unsnip>---------------------------------
>I'm sure that it's possible, but the interfaces are quite likely to be 
>proprietary and non-published.

From a security point of view I would hope that it would be impossible
for one LPAR to know about another LPAR except through the sysplex
mechanism and security package protected shared dasd.  I would be wary
of even read access.

Clark Morris


>
>Certainly not a good idea, since the whole shop could be very adversely 
>affected in the event of a user specification or programming error.
>
>That's one of those areas where you should "Look but never touch."
>
>Rick
>

----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html

