Migrate security definitions for HCM users
Description
With z/OS V2R1, Hardware Configuration Definition (HCD) uses the application ID CBDSERVE to verify any user that logs on to the HCD agent, that is, any user that uses Hardware Configuration Manager (HCM) to perform hardware configuration definitions. If you have the APPL class active in your external security manager, for example in RACF, and you have a generic profile in that class that covers the new HCD application ID CBDSERVE, you need to permit all HCM users READ access to that profile. Otherwise, the users of HCM are no longer able to log on to HCD.
Table 1 provides more details about this migration action. Use this information to plan your changes to the system.
Element or feature: | HCD |
---|---|
When change was introduced: | z/OS V2R1 |
Applies to migration from: | z/OS V1R13. |
Timing: | Before installing z/OS V2R2. |
Is the migration action required? | Yes, if you use HCM to perform hardware configuration definitions, have the APPL security class active in your security product, and have a APPL profile that covers the application ID CBDSERVE. |
Target system hardware requirements: | None. |
Target system software requirements: | None. |
Other system (coexistence or fallback) requirements: | None. |
Restrictions: | None. |
System impacts: | None. |
Related IBM Health Checker for z/OS check: | None. |
Steps to take
You can either give all HCM
users READ access to your existing APPL profile that covers the HCD
application ID CBDSERVE, or you can define a specific profile for
the new HCD application ID and permit all HCM users to that profile.
Sample definitions for a new profile and a user HCDUSER for RACF are
similar to the following:
RDEFINE APPL CBDSERVE UACC(NONE)
PERMIT CBDSERVE CLASS(APPL) ID(HCDUSER) ACCESS(READ)
Reference information
For more information,
see the following references:
- For information about protecting applications and the security definitions in RACF, see z/OS Security Server RACF Security Administrator's Guide.
- For information about setting up the HCD agent for use by HCD and HCM users, see z/OS HCD User's Guide.