Setting up security for the z/OSMF plug-ins
In z/OSMF, the authorization of users to functions (z/OSMF tasks and links) is based on traditional z/OS security controls, such as user IDs and groups, and SAF resource profiles. This topic describes the actions for setting up security for the z/OSMF tasks and links.
To perform work in z/OSMF, a user requires a valid user ID on the z/OS® host system and authorization to one or more z/OSMF tasks on that system. Your security administrator authorizes users to z/OSMF resources through your security management product, such as RACF. After the required plug-ins are added to your system and the associated security controls are established, a user can begin using z/OSMF to perform system management tasks.
Using the IZUxxSEC sample jobs
As an aid to your security administrator, z/OSMF includes the IZUxxSEC sample jobs, which contain RACF commands for creating resource authorizations for the optional plug-ins. The IZUxxSEC sample jobs are provided as members in the partitioned data set SIZUJCL. This data set is created by default when your installation installs z/OSMF through SMP/E.
- IZUCPSEC
- Capacity Provisioning
- IZUCASEC
- Configuration Assistant
- IZUILSEC
- Incident Log
- IZUISSEC
- ISPF
- IZURMSEC
- Resource Monitoring
- IZUDMSEC
- Software Deployment
- IZUWMSEC
- Workload Management
Depending on which plug-ins you choose to enable, review the associated IZUxxSEC job to determine which security commands should be run for your installation.
Using the IZUAUTH sample job
The data set SIZUJCL also includes the IZUAUTH job, which your security administrator can use for authorizing user IDs to the z/OSMF plug-ins. Specifically, the job contains a number of CONNECT statements for connecting user IDs to the z/OSMF security groups.