z/OS Common Information Model User's Guide
Previous topic | Next topic | Contents | Index | Contact z/OS | Library | PDF


Step PEUSR

z/OS Common Information Model User's Guide
SC34-2671-00

Step PEUSR

Step PEUSR 
//* Step PEUSR
//*      - permits default UserID's to required resources
//*      - sets up required surrogate
//*      - permits CFZSRV to BPX.SERVER (no effect if BPX.SERVER is not
//*                                     enabled on the system)
//*      - authorizes CIM server to write SMF records
//*      - authorizes CIM server to write to console
//PEUSR EXEC PGM=IKJEFT01,DYNAMNBR=99
//SYSPRINT DD SYSOUT=*
//SYSTSPRT DD SYSOUT=*
//SYSTSIN  DD *

 PERMIT CIMSERV CL(WBEM) ACCESS(CONTROL) ID(CFZSRV)
 PERMIT CIMSERV CL(WBEM) ACCESS(CONTROL) ID(CFZADMGP)
 PERMIT CIMSERV CL(WBEM) ACCESS(UPDATE) ID(CFZUSRGP)
 SETROPTS RACLIST(WBEM) REFRESH

 SETROPTS CLASSACT(SURROGAT) RACLIST(SURROGAT) GENERIC(SURROGAT)
 RDEFINE SURROGAT BPX.SRV.** UACC(NONE)
 PERMIT BPX.SRV.** CL(SURROGAT) ACCESS(READ) ID(CFZSRV)
 SETROPTS RACLIST(SURROGAT) REFRESH

 PERMIT BPX.SERVER CL(FACILITY) ACCESS(UPDATE) ID(CFZSRV)
 SETROPTS RACLIST(FACILITY) REFRESH

 RDEFINE FACILITY BPX.SMF UACC(NONE)
 PERMIT BPX.SMF CL(FACILITY) ACCESS(READ) ID(CFZSRV)
 PERMIT BPX.CONSOLE CL(FACILITY) ACCESS(READ) ID(CFZSRV)
 SETROPTS RACLIST(FACILITY) REFRESH

/*

This step grants CIM users the necessary permissions to run, to control and to access the CIM server.

In detail it grants the following permissions:

For the CIM server user:
  • CONTROL access to profile CIMSERV in class WBEM

    This allows the user to start the CIM server.

  • READ access to profile BPX.SRV.** in class SURROGAT

    This allows the CIM server to switch a TCB into a requestor’s user for running client requests under the authority of the client’s user.

  • UPDATE access to profile BPX.SERVER in class FACILITY

    This authorizes the CIM server to validate user credentials and to verify user access to RACF® profiles.

  • READ access to profile BPX.SMF in class FACILITY

    This allows the CIM server to write SMF records when it is configured to do so. (See Audit logging with SMF record 86 for details on SMF support in CIM.)

  • READ access to profile BPX.CONSOLE in class FACILITY

    This allows the CIM server to issue messages on the z/OS console when the BPX.CONSOLE profile is defined.

For the CIM administrator group:
  • CONTROL access to profile CIMSERV in class WBEM

    This allows a user to perform administrative functions.

For the CIM users group:
  • UPDATE access to profile CIMSERV in class WBEM

    This allows a user to access CIM as a regular user.

Go to the previous page Go to the next page

Notices | Terms of use | Support | Contact z/OS | zFavorites



Copyright IBM Corporation 1990, 2014