Migrate security definitions for HCM users

Description

With z/OS V2R1, Hardware Configuration Definition (HCD) uses the application ID CBDSERVE to verify any user that logs on to the HCD agent, that is, any user that uses Hardware Configuration Manager (HCM) to perform hardware configuration definitions. If you have the APPL class active in your external security manager, for example in RACF, and you have a generic profile in that class that covers the new HCD application ID CBDSERVE, you need to permit all HCM users READ access to that profile. Otherwise, the users of HCM are no longer able to log on to HCD.

Table 1 provides more details about this migration action. Use this information to plan your changes to the system.

Table 1. Information about this migration action
Element or feature: HCD
When change was introduced: z/OS V2R1
Applies to migration from: z/OS V1R13.
Timing: Before installing z/OS V2R2.
Is the migration action required? Yes, if you use HCM to perform hardware configuration definitions, have the APPL security class active in your security product, and have a APPL profile that covers the application ID CBDSERVE.
Target system hardware requirements: None.
Target system software requirements: None.
Other system (coexistence or fallback) requirements: None.
Restrictions: None.
System impacts: None.
Related IBM Health Checker for z/OS check: None.

Steps to take

You can either give all HCM users READ access to your existing APPL profile that covers the HCD application ID CBDSERVE, or you can define a specific profile for the new HCD application ID and permit all HCM users to that profile. Sample definitions for a new profile and a user HCDUSER for RACF are similar to the following: 
RDEFINE APPL CBDSERVE UACC(NONE)
PERMIT CBDSERVE CLASS(APPL) ID(HCDUSER) ACCESS(READ)

Reference information

For more information, see the following references:
Parent topic: HCD actions to perform before installing z/OS V2R2