Security requirements


This topic lists IBM RACF security requirements for MainView for Java Environments. If you are running a security product other than IBM RACF, see your security product documentation for more information.

MainView for Java Environments requires the following security resources:

  • OMVS segment for the user ID that runs the MainView for Java Environments PAS
  • Superuser authority for the OMVS segment
  • Read access to the BPX.JOBNAME Facility
  • Read access to IBM z/OS Connect Enterprise Edition (z/OS Connect EE) (PTF BPF0249 applied)
  • Read access to the IBM WebSphere Liberty server (PTF BPF0297 applied)

Use the following procedures to meet these requirements.

To grant superuser authority for the OMVS segment


Use one of the following methods:

  • For the user ID, grant authorized read access to BPX.SUPERUSER (the Facility class resource).

    Example
    permit BPX.SUPERUSER CLASS(FACILITY) ACCESS(READ) ID(<userID>)
  • For the user ID, grant authorized read access to SUPERUSER.PROCESS.GETPSENT (the UNIXPRIV class resource).

    Example
    permit SUPERUSER.PROCESS.GETPSENT CLASS(UNIXPRIV) ACCESS(READ) ID(<userID>)

Note

The following conditions apply to assigning UID:

  • To activate the new definitions, you might need to refresh the updated class.
  • The segment requires a nonzero user ID and a home path.

For more information, see OMVS segment requirements and ESM definitions.

To grant read access to BPX.JOBNAME


For the user ID, grant authorized read access to BPX.JOBNAME (the Facility class resource).

Example
permit BPX.JOBNAME CLASS(FACILITY) ACCESS(READ) ID(<userID>)

Note

To activate the new definitions, you might need to refresh the updated class.

For more information, see Managing security for MainView products.
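The following REXX exec is an added example, not part of the original topic or of BMC's code. It issues the UNIXPRIV method and the BPX.JOBNAME permit shown above, refreshes each class, and then checks the access list and the OMVS segment. It assumes that PASUSER (a constructed placeholder) is the PAS user ID, that the profiles already exist, that both classes are RACLISTed, and that the exec is run under TSO by a RACF administrator.

```rexx
/* REXX - added example; PASUSER is a constructed placeholder user ID */
pasuser = 'PASUSER'

/* UNIXPRIV method for superuser authority, plus BPX.JOBNAME */
grant.1 = 'UNIXPRIV SUPERUSER.PROCESS.GETPSENT'
grant.2 = 'FACILITY BPX.JOBNAME'
grant.0 = 2

failed = 0
do i = 1 to grant.0
  parse var grant.i class profile
  address tso "PERMIT" profile "CLASS("class") ACCESS(READ) ID("pasuser")"
  if rc <> 0 then do
    say 'PERMIT failed for' profile 'rc='rc
    failed = 1
    iterate
  end

  /* Refresh the in-storage profiles so the new permit takes effect */
  address tso "SETROPTS RACLIST("class") REFRESH"

  /* Capture the access list and look for the user ID with READ.    */
  /* Access granted only through a group is not detected here.      */
  call outtrap 'line.'
  address tso "RLIST" class profile "AUTHUSER"
  call outtrap 'OFF'
  found = 0
  do j = 1 to line.0
    if word(line.j, 1) = pasuser & word(line.j, 2) = 'READ' then found = 1
  end
  if found then say profile': READ confirmed for' pasuser
  else do
    say profile':' pasuser 'is not on the access list with READ'
    failed = 1
  end
end

/* Display the OMVS segment to confirm a nonzero UID and a home path */
address tso "LISTUSER" pasuser "OMVS NORACF"
exit failed
```

SUPERUSER.PROCESS.GETPSENT is used here because it is the narrower of the two methods; BPX.SUPERUSER allows the user ID to switch to full superuser authority.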

To grant read access to z/OS Connect EE (PTF BPF0249 applied)

  1. For the z/OS Connect EE user ID, grant authorized read access to BPX.SMF (the Facility class resource).

    PERMIT BPX.SMF CLASS(FACILITY) ACCESS(READ) ID(<userID>)

    Note

    For userID, specify the z/OS Connect EE user ID.

  2. For the MainView for Java Environments user ID, grant authorized read access to BBGZDFLT.ZOS (the Facility class resource).

    PE <BBGZDFLT> ID(<userID>) CLASS(APPL) ACCESS(READ)

    Notes

    For userID, specify the PAS user ID. The PAS must have the appropriate security certificates associated with its user ID.

    For BBGZDFLT, specify the APPL class security prefix for the server.

              

To grant read access to the Liberty server (PTF BPF0297 applied)

  1. For the MainView for Java Environments user ID, grant authorized read access to the Liberty server (the EJBROLE class resource).

    PERMIT <serverProfilePrefix>.com.ibm.ws.management.security.resource.Administrator ID(<userID>) ACCESS(READ) CLASS(EJBROLE)
    PERMIT <serverProfilePrefix>.com.ibm.ws.management.security.resource.Reader ID(<userID>) ACCESS(READ) CLASS(EJBROLE)

    Notes

    For userID, specify the PAS user ID. The PAS must have the appropriate security certificates associated with its user ID.

    For serverProfilePrefix, specify the profile prefix for the Liberty server.
