Step PEUSR
//* Step PEUSR
//* - permits default user IDs to required resources
//* - sets up required surrogate
//* - permits CFZSRV to BPX.SERVER (no effect if BPX.SERVER is not
//* enabled on the system)
//* - authorizes CIM server to write SMF records
//* - authorizes CIM server to write to console
//PEUSR EXEC PGM=IKJEFT01,DYNAMNBR=99
//SYSPRINT DD SYSOUT=*
//SYSTSPRT DD SYSOUT=*
//SYSTSIN DD *
PERMIT CIMSERV CL(WBEM) ACCESS(CONTROL) ID(CFZSRV)
PERMIT CIMSERV CL(WBEM) ACCESS(CONTROL) ID(CFZADMGP)
PERMIT CIMSERV CL(WBEM) ACCESS(UPDATE) ID(CFZUSRGP)
SETROPTS RACLIST(WBEM) REFRESH
SETROPTS CLASSACT(SURROGAT) RACLIST(SURROGAT) GENERIC(SURROGAT)
RDEFINE SURROGAT BPX.SRV.** UACC(NONE)
PERMIT BPX.SRV.** CL(SURROGAT) ACCESS(READ) ID(CFZSRV)
SETROPTS RACLIST(SURROGAT) REFRESH
PERMIT BPX.SERVER CL(FACILITY) ACCESS(UPDATE) ID(CFZSRV)
SETROPTS RACLIST(FACILITY) REFRESH
RDEFINE FACILITY BPX.SMF UACC(NONE)
PERMIT BPX.SMF CL(FACILITY) ACCESS(READ) ID(CFZSRV)
PERMIT BPX.CONSOLE CL(FACILITY) ACCESS(READ) ID(CFZSRV)
SETROPTS RACLIST(FACILITY) REFRESH
/*
This step grants CIM users the permissions they need to run, control, and access the CIM server.
In detail, it grants the following permissions:
- For the CIM server user:
  - CONTROL access to profile CIMSERV in class WBEM
    This allows the user to start the CIM server.
  - READ access to profile BPX.SRV.** in class SURROGAT
    This allows the CIM server to switch a TCB to a requestor's user, so that client requests run under the authority of the client's user.
  - UPDATE access to profile BPX.SERVER in class FACILITY
    This authorizes the CIM server to validate user credentials and to verify user access to RACF® profiles.
  - READ access to profile BPX.SMF in class FACILITY
    This allows the CIM server to write SMF records when it is configured to do so. (See Audit logging with SMF record 86 for details on SMF support in CIM.)
  - READ access to profile BPX.CONSOLE in class FACILITY
    This allows the CIM server to issue messages on the z/OS console when the BPX.CONSOLE profile is defined.
- For the CIM administrator group:
- For the CIM users group:
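The following Python sketch is an added example, not part of the original job or of IBM's code. It parses the SYSTSIN commands of step PEUSR and reports the grants per ID, any class changed without a later SETROPTS RACLIST(...) REFRESH, and any profile that is permitted here but not defined here, so that the PERMIT only takes effect if the profile already exists. The function name audit and the regular expressions are assumptions of this example and cover only the command forms used in this step.

```python
import re

# SYSTSIN commands of step PEUSR, copied from the job above.
PEUSR_SYSTSIN = """\
PERMIT CIMSERV CL(WBEM) ACCESS(CONTROL) ID(CFZSRV)
PERMIT CIMSERV CL(WBEM) ACCESS(CONTROL) ID(CFZADMGP)
PERMIT CIMSERV CL(WBEM) ACCESS(UPDATE) ID(CFZUSRGP)
SETROPTS RACLIST(WBEM) REFRESH
SETROPTS CLASSACT(SURROGAT) RACLIST(SURROGAT) GENERIC(SURROGAT)
RDEFINE SURROGAT BPX.SRV.** UACC(NONE)
PERMIT BPX.SRV.** CL(SURROGAT) ACCESS(READ) ID(CFZSRV)
SETROPTS RACLIST(SURROGAT) REFRESH
PERMIT BPX.SERVER CL(FACILITY) ACCESS(UPDATE) ID(CFZSRV)
SETROPTS RACLIST(FACILITY) REFRESH
RDEFINE FACILITY BPX.SMF UACC(NONE)
PERMIT BPX.SMF CL(FACILITY) ACCESS(READ) ID(CFZSRV)
PERMIT BPX.CONSOLE CL(FACILITY) ACCESS(READ) ID(CFZSRV)
SETROPTS RACLIST(FACILITY) REFRESH
"""

PERMIT_RE = re.compile(r"PERMIT\s+(\S+)\s+CL\((\w+)\)\s+ACCESS\((\w+)\)\s+ID\((\w+)\)")
RDEFINE_RE = re.compile(r"RDEFINE\s+(\w+)\s+(\S+)")
REFRESH_RE = re.compile(r"SETROPTS\b.*RACLIST\((\w+)\)\s+REFRESH")

def audit(systsin):
    """Return (grants, pending_refresh, not_defined_here) for a RACF command stream."""
    grants = []      # (id, class, profile, access) in command order
    defined = set()  # (class, profile) pairs created by RDEFINE in this stream
    pending = set()  # classes changed since their last RACLIST REFRESH
    for line in systsin.splitlines():
        line = line.strip().upper()
        if m := PERMIT_RE.match(line):
            profile, cls, access, who = m.groups()
            grants.append((who, cls, profile, access))
            pending.add(cls)
        elif m := RDEFINE_RE.match(line):
            defined.add((m.group(1), m.group(2)))
            pending.add(m.group(1))
        elif m := REFRESH_RE.match(line):
            pending.discard(m.group(1))
    # Profiles this step permits but does not define itself.
    external = sorted({(c, p) for _, c, p, _ in grants} - defined)
    return grants, pending, external

if __name__ == "__main__":
    grants, pending, external = audit(PEUSR_SYSTSIN)
    for who, cls, profile, access in grants:
        print(f"{who:9} {access:8} {cls}/{profile}")
    print("classes still needing REFRESH:", sorted(pending))
    print("profiles expected to exist already:", external)
```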