Managing server security
You can enable or disable security for zRule Execution Server for z/OS® instances or specific server resources.
- Creating the RACF classes for securing server resources
Create and activate the RACF classes that you need to secure the server resources for your zRule Execution Server for z/OS server. - Configuring the Liberty server angel process
The angel process provides authorized services to WebSphere® Application Server Liberty Profile servers. - The angel process started task
The angel process started task JCL procedure is shipped with Operational Decision Manager for z/OS in the ++HBRINSTPATH++ directory. - The angel process started task SAF rules
- Starting the angel process started task
- Disabling types of security
You can disable all security for a zRule Execution Server for z/OS server or only specific types of security. - Managing connection security
Use connection security to ensure that only authorized user IDs are allowed to start a zRule Execution Server for z/OS or connect to execute rulesets. - Managing CONSOLE mode security
Use console security to ensure that only authorized user IDs can access the Rule Execution Server console. - Managing TEST mode security
Use test mode security to ensure that only authorized user IDs can access the Decision Runner and testing endpoints. - Managing command security
Use command security to ensure that only authorized users can issue zRule Execution Server for z/OS commands from the z/OS console. - Configuring SSL for data encryption
You can configure a zRule Execution Server for z/OS running in CONSOLE, TEST, or HTDS mode to use SSL for data encryption, and optionally authenticate with the server by using a client certificate. Certificates can be stored in a Java keystore or in a SAF keyring such as RACF. You set the HBRSSLKEYSTORE runtime variable to be either JAVA or SAF, depending on the keyring you are using.
Parent topic: Securing zRule Execution Server for z/OS resources