Security on z/OS systems

When you install Jazz® Team Server and the other IBM Engineering Lifecycle Management (ELM) applications on z/OS systems, several tasks are required to make the ELM functions secure and available.

These instructions are intended for people who are installing a combination of the Jazz Team Server, any of the ELM applications, the IBM Engineering Workflow Management (EWM) Build System Toolkit, and the Rational® Build Agent on z/OS.

When you are setting up security for an installation on z/OS, include these topics in your planning:
Data set protection
Security is needed for z/OS data sets that are associated with Jazz Team Server, the ELM applications, the EWM Build System Toolkit, and Rational Build Agent.
RACF® general resource profiles, GROUPs, and USERs
Several Resource Access Control Facility (RACF) resources must be configured in order to use the ELM components on z/OS.
UNIX System Services (USS) directory protection
To install and configure the ELM components on z/OS, you use three main directories and associated subdirectories that need appropriate user and group-level permissions:
  1. Product binary files: Installed by SMP/E, typically to a directory such as /usr/lpp/jazz/v7.0.2
  2. Configuration directories: Created by running sample configuration jobs to create and populate a directory such as /etc/jazz702
  3. Working directories: Created by running sample configuration jobs to create and populate a directory such as /u/jazz702
Database access
If you are running Jazz Team Server and ELM applications on z/OS, you must provide access from the server to Db2® z/OS databases for the applications and data warehouse.
Started tasks
Started tasks and associated user IDs can be defined for use with the Liberty Server profile, the daemon used to support the ISPF client, and Rational Build Agent.
Additional server profile requirements and EJBROLEs
If you are running the server on z/OS, additional RACF requirements are defined, as well as RACF EJBROLEs to control user access.
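The following POSIX shell audit for the three directory trees listed under UNIX System Services (USS) directory protection is an added example and is not part of the IBM documentation or the product's sample jobs. The policy it checks and the group name JAZZGRP are assumptions; the default paths are the example locations from the text.

```sh
#!/bin/sh
# Added example (not IBM's code). Assumed policy, not stated on the page:
# nothing world-writable, every entry owned by one administrative group,
# and the SMP/E-installed product tree not group-writable either.

# audit_tree DIR GROUP [strict]
# Prints "REASON path" per finding. Returns 0 clean, 1 findings,
# 2 if DIR is missing or find could not complete (fail closed).
audit_tree() {
    dir=$1 group=$2 strict=${3:-}
    if [ ! -d "$dir" ]; then
        echo "MISSING $dir"
        return 2
    fi
    findings=$(
        # Symbolic links are skipped: their own mode bits are not enforced.
        find "$dir" ! -type l -perm -0002 -exec echo WORLD-WRITABLE {} \; &&
        find "$dir" ! -type l ! -group "$group" -exec echo WRONG-GROUP {} \; &&
        { [ "$strict" != strict ] ||
          find "$dir" ! -type l -perm -0020 -exec echo GROUP-WRITABLE {} \; ; }
    ) || { echo "ERROR find failed under $dir"; return 2; }
    if [ -n "$findings" ]; then
        printf '%s\n' "$findings"
        return 1
    fi
    return 0
}

# Defaults are the example paths from the text; JAZZGRP is a hypothetical
# group name. Override all four through the environment.
audit_elm_dirs() {
    rc=0
    grp=${ELM_GROUP:-JAZZGRP}
    audit_tree "${ELM_BIN:-/usr/lpp/jazz/v7.0.2}" "$grp" strict || rc=1
    audit_tree "${ELM_ETC:-/etc/jazz702}" "$grp" || rc=1
    audit_tree "${ELM_WORK:-/u/jazz702}" "$grp" || rc=1
    return "$rc"
}
```

Call `audit_elm_dirs` under an ID that can read all three trees. A return code of 2 from `audit_tree` means the audit could not complete and should not be read as a pass.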
Three sample members are provided from the hlq.SBLZSAMP library, where hlq is the high-level qualifier that was specified during the SMP/E installation:
  • BLZRACF: This sample member is for the server with WebSphere® Application Server full profile, and is installed with SMP/E FMID HRCC702.
  • BLZRACFL: This sample member is similar to BLZRACF, but is intended for use when you also plan to use the WebSphere Liberty Profile on z/OS for the application server. It is installed with HRWL702.
  • BLZRACFT: This sample member is for the Build System Toolkit and Rational Build Agent, and is installed with SMP/E FMID HRBT702.
You can customize these sample members and submit the jobs to perform the RACF updates.
The security considerations for your deployment vary based on which components you installed. Depending on your setup, see one or more of these topics: