Configuring the CIM server's resource authorization model

z/OS Common Information Model User's Guide, SC34-2671-00

The CIM server can be run with two different authorization models, depending on whether the profile BPX.SERVER is defined in the FACILITY class or not. In either case, the CIM server follows a resource-based authorization model, which means that user requests are processed in separate threads, for which the security context is switched to the user ID of the requestor or to a designated user ID. So when a CIM provider performs a user request in such a thread, it accesses any z/OS system resource under the requestor's or a designated user ID, and authorization checks therefore occur against this user ID. These checks are performed in addition to the general access check for the CIM server through the CIMSERV profile in class WBEM.

To let the resource-based authorization security work properly, set up the CIM server user ID as follows:

__ 1. If the Enhanced Security model is disabled:
If the Enhanced Security model is enabled:
__ 2. Consider enabling the must-stay-clean feature (see Enabling the must-stay-clean feature).
__ 3. If the Enhanced Security model or the must-stay-clean feature is enabled, make sure that the CIM server runs in a clean program controlled environment (see Setting up program control).
Copyright IBM Corporation 1990, 2014