Security requirements

This topic lists IBM RACF security requirements for MainView for Java Environments. If you are running a security product other than IBM RACF, see your security product documentation for more information.

MainView for Java Environments requires the following security resources:

  • OMVS segment for the user ID that runs the MainView for Java Environments PAS

  • Superuser authority for the OMVS segment

  • Read access to the BPX.JOBNAME Facility
  • Read access to IBM z/OS Connect Enterprise Edition (z/OS Connect EE) (PTF BPF0249 applied)
  • Read access to the IBM WebSphere Liberty server (PTF BPF0297 applied)

Use the following procedures to meet these requirements.

To grant superuser authority for the OMVS segment

Use one of the following methods:

  • For the user ID, grant authorized read access to BPX.SUPERUSER (the Facility class resource).

    Example

    permit BPX.SUPERUSER CLASS(FACILITY) ACCESS(READ) ID(<userID>)
  • For the user ID, grant authorized read access to SUPERUSER.PROCESS.GETPSENT (the UNIXPRIV class resource).

    Example

    permit SUPERUSER.PROCESS.GETPSENT CLASS(UNIXPRIV) ACCESS(READ) ID(<userID>)

Note

The following conditions apply to assigning UID:

  • To activate the new definitions, you might need to refresh the updated class.
  • The segment requires a nonzero user ID and a home path.

For more information, see OMVS segment requirements and ESM definitions.

To grant read access to BPX.JOBNAME

For the user ID, grant authorized read access to BPX.JOBNAME (the Facility class resource).

Example

permit BPX.JOBNAME CLASS(FACILITY) ACCESS(READ) ID(<userID>)

Note

To activate the new definitions, you might need to refresh the updated class.

For more information, see Managing security for MainView products.
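The following command sequence is an added example, not part of the original product documentation. It grants the PAS user ID the UNIXPRIV method for superuser authority (which covers only process-status queries, whereas READ to BPX.SUPERUSER lets the user ID switch to full superuser authority) together with BPX.JOBNAME, then refreshes the classes and lists the results. It assumes that the profiles are already defined and that the UNIXPRIV and FACILITY classes are RACLISTed on your system.

```tso
/* Assumption: profiles exist and both classes are RACLISTed.      */
/* Replace <userID> with the user ID that runs the PAS.            */

/* Grant the narrower superuser method and BPX.JOBNAME             */
PERMIT SUPERUSER.PROCESS.GETPSENT CLASS(UNIXPRIV) ACCESS(READ) ID(<userID>)
PERMIT BPX.JOBNAME CLASS(FACILITY) ACCESS(READ) ID(<userID>)

/* Refresh the in-storage profiles so the new permits take effect  */
SETROPTS RACLIST(UNIXPRIV) REFRESH
SETROPTS RACLIST(FACILITY) REFRESH

/* Confirm the access lists contain the user ID with READ          */
RLIST UNIXPRIV SUPERUSER.PROCESS.GETPSENT AUTHUSER
RLIST FACILITY BPX.JOBNAME AUTHUSER

/* Confirm the OMVS segment: nonzero UID and a HOME path           */
LISTUSER <userID> OMVS NORACF
```

In the RLIST output, check that the access list shows only the user IDs you expect; an unexpected entry with READ on BPX.SUPERUSER or a UNIXPRIV profile is worth reviewing.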

To grant read access to z/OS Connect EE (PTF BPF0249 applied)

  1. For the z/OS Connect EE user ID, grant authorized read access to BPX.SMF (the Facility class resource).

    PERMIT BPX.SMF CLASS(FACILITY) ACCESS(READ) ID(<userID>)

    Note

    For userID, specify the z/OS Connect EE user ID.

  2. For the MainView for Java Environments user ID, grant authorized read access to BBGZDFLT.ZOS (the Facility class resource).

    PE <BBGZDFLT> ID(<userID>) CLASS(APPL) ACCESS(READ) 

    Notes

    For userID, specify the PAS user ID. The PAS must have the appropriate security certificates associated with its user ID.

    For BBGZDFLT, specify the APPL class security prefix for the server.

To grant read access to the Liberty server (PTF BPF0297 applied)

  1. For the MainView for Java Environments user ID, grant authorized read access to the Liberty server (the EJBROLE class resource).

    PERMIT <serverProfilePrefix>.com.ibm.ws.management.security.resource.Administrator ID(<userID>) ACCESS(READ) CLASS(EJBROLE)
    PERMIT <serverProfilePrefix>.com.ibm.ws.management.security.resource.Reader ID(<userID>) ACCESS(READ) CLASS(EJBROLE)

    Notes

    For userID, specify the PAS user ID. The PAS must have the appropriate security certificates associated with its user ID.

    For serverProfilePrefix, specify the profile prefix for the Liberty server.

    For more information, view the Quick Course MainView for Java Environments: Set MVJE and Liberty servers to gather JMX data using the REST interface.


This version of the documentation is no longer supported. However, the documentation is available for your convenience.