z/OS Common Information Model User's Guide
Previous topic | Next topic | Contents | Index | Contact z/OS | Library | PDF


Step CRUSR

z/OS Common Information Model User's Guide
SC34-2671-00

Step CRUSR

Step CRUSR 

//*
//* Step CRUSR creates default groups and users required for CIM
//* CFZSRVGP    -   CIM server ID's default group
//* CFZADMGP    -   CIM admin ID's default group
//* CFZUSRGP    -   CIM end-users ID's default group
//*
//* CFZSRV      -   CIM server UserId used by Started Task
//*
//CRUSR EXEC PGM=IKJEFT01,DYNAMNBR=99
//SYSPRINT DD SYSOUT=*                                                 
//SYSTSPRT DD SYSOUT=*                                                 
//SYSTSIN  DD *                                                        
                                                                       
 ADDGROUP CFZSRVGP OMVS(GID(9501))
 ADDGROUP CFZADMGP OMVS(GID(9502))
 ADDGROUP CFZUSRGP OMVS(GID(9503))

 ADDUSER CFZSRV DFLTGRP(CFZSRVGP) OMVS(UID(0) PROGRAM('/bin/sh') +
   HOME('/u/cfzsrv')) NOPASSWORD NOOIDCARD
ADDSD 'CFZSRV.**' UACC(NONE)
 PERMIT 'CFZSRV.**' CLASS(DATASET) ID(CFZSRV) ACCESS(ALTER)
 SETROPTS GENERIC(DATASET) REFRESH
 ALTUSER CFZSRV DFLTGRP(CFZSRVGP) OMVS(UID(0) PROGRAM('/bin/sh') +
   HOME('/u/cfzsrv')) NOPASSWORD NOOIDCARD NOPHRASE
/*

This step creates or updates the user CFZSRV for running the CIM server as a started task. By default the UID for the CIM server user is set to 0 to run the CIM server with superuser privileges. While this may be sufficient for a simple setup, if you have defined the BPX.SERVER profile in the class FACILITY, and class FACILITY is activated, it is recommended to change the UID for CFZSERV to a non null value. The default in this case is 9500.

A default data set profile is created to ensure that the CIM server user ID can access its home profile and other relevant settings.

In addition this step creates distinct groups for the CIM server user (CFZSRVGP), CIM server administrators (CFZADMGP) and end users (CFZUSRGP). To grant a user access to CIM, simply connect the user to the according group, for example with the command 

CONNECT (username) GROUP(CFZUSRGP) AUTHORITY(USE)

The CFZUSRGP grants a user access to all resources that are managed through CIM. Depending on how granular you want to control users’ access to CIM, you may want to create additional groups that allow access only to a subset of resources managed through CIM.

Go to the previous page Go to the next page

Notices | Terms of use | Support | Contact z/OS | zFavorites



Copyright IBM Corporation 1990, 2014