CIM provider access control

CIM provider access control permits the Communications Server CIM providers to gather CIM data, when the user ID associated with the client of the z/OS® CIM server is not defined as a superuser. For more information on the CIM providers, see Considerations for Common Information Model providers.

Access can be controlled by an external security manager product, such as RACF®, by defining the resource profile name EZB.CIMPROV.sysname.tcpname in the SERVAUTH class. For examples of the security product commands needed to create this resource profile name and grant users access to it, see member EZARACF in sample data set SEZAINST.

Access is granted if the user ID associated with the client of the z/OS CIM server is permitted (has read access) to this resource profile.

Guideline: Some security products do not distinguish between a resource profile that is not defined and a user that is not permitted to that resource profile. If your product does not make this distinction, you must define the CIM provider resource profile and permit the client user ID to it whenever the SERVAUTH class is active, if you want the Communications Server CIM providers to be able to gather CIM data.
Parent topic: TCP/IP resource protection