Managing credentials

To scan your resources with IBM Z® Security and Compliance Center, you must grant various access levels to the collector. Credentials are used by the collector to authenticate and authorize IBM Z Security and Compliance Center to connect to resources for collection.

Before you begin

Ensure that you have the required level of access to view and manage credentials. Consider creating a special role for this task. For example, define a client role called "assurance-client" and ensure that it includes the role "manage credential."

You must have access to the credentials that are needed to access your resource configurations.

To learn more about the types of credentials that you must provide and what level of access your credentials require, see What are the required permissions?.

Creating a credential in the dashboard

To create a new credential, you can use the IBM Z Security and Compliance Center (zSCC) dashboard.
  1. Start of change

    If you have installed the 1.2.1.3 version of the zSCC, click Settings in the navigation menu in zSCC.

    If you have installed the 1.2.1.2 or a previous version of the zSCC, click Configure > Settings in the navigation menu.

    End of change
  2. Select the Credentials tab.
  3. Click Add.
  4. Give your credential a meaningful name and a description.
  5. Select a purpose for your credential. Options include Discovery/Collection, Remediation, or Both.
  6. Click Next.
  7. Choose a credential type from the following options:
    • Database
    • Username - password
    • Username - PEM
    Note: The type of credential that you create depends on the type of resources that you want to scan.
  8. Add the access information. Depending on the type of credential that you selected in Step 7, the options on the page change. To learn more about the information that you must provide based on the type of credential that you selected, see What are the required permissions?.
    Note: The level of access that your credentials need depends on the actions that you want theIBM Z Security and Compliance Center to take. If you want to run scans only on your resources, you must create credentials that provide the collector with read access to your resources.
  9. If a passphrase is configured, enter the passphrase.
  10. Verify your information and click Create. The credential is added to a list of available credentials.
Tip: To edit or delete existing credentials, click the Actions icon and click Edit or Delete.