Security on z/OS systems
When you install Jazz® Team Server and the other IBM Engineering Lifecycle Management (ELM) applications on z/OS systems, several tasks are required to make the ELM functions secure and available.
These instructions are intended for people who are installing a combination of the Jazz Team Server, any of the ELM applications, the IBM Engineering Workflow Management (EWM) Build System Toolkit, and the Rational® Build Agent on z/OS.
When you are setting up security for an installation on z/OS, include
these topics in your planning:
- Data set protection
- Security is needed for z/OS data sets that are associated with Jazz Team Server, the ELM applications, the EWM Build System Toolkit, and Rational Build Agent.
- RACF® general resource profiles, GROUPs, and USERs
- Several Resource Access Control Facility (RACF) resources must be configured in order to use the ELM components on z/OS.
- UNIX System Services (USS) directory protection
- To install and configure the ELM
components on z/OS, you use
three main directories and associated subdirectories that need appropriate user and group-level
permissions:
- Product binary files: Installed by SMP/E, typically to a directory such as /usr/lpp/jazz/v7.0.2
- Configuration directories: Created by running sample configuration jobs to create and populate a directory such as /etc/jazz702
- Working directories: Created by running sample configuration jobs to create and populate a directory such as /u/jazz702
- Database access
- If you are running Jazz Team Server and ELM applications on z/OS, you must provide access from the server to Db2® z/OS databases for the applications and data warehouse.
- Started tasks
- Started tasks and associated user IDs can be defined for use with the Liberty Server profile, the daemon used to support the ISPF client, and Rational Build Agent.
- Additional server profile requirements and EJBROLEs
- Additional RACF requirements are defined if you are running the server on z/OS as well as RACF EJBROLEs to control user access
Three sample members are provided from the hlq.SBLZSAMP library,
where hlq is the high-level
qualifier that was specified during the SMP/E installation:
- BLZRACF: This sample member is for the server with WebSphere® Application Server full profile, and is installed with SMP/E FMID HRCC702.
- BLZRACFL: This sample member is similar to BLZRACF but is intended for when you are also planning to use the WebSphere Liberty Profile on z/OS for the application server and is installed with HRWL702.
- BLZRACFT: This sample member is for the Build System Toolkit and Rational Build Agent, and is installed with SMP/E FMID HRBT702.
The security considerations for your deployment vary based on which
components you installed. Depending on your setup, see one or more
of these topics:
- RACF security on z/OS systems: Read this topic if you have Jazz Team Server or the Build System Toolkit installed on z/OS.
- Jazz Team Server security on z/OS systems: Read this topic if you are deploying Jazz Team Server and the ELM applications on z/OS.
- Security for the Build System Toolkit and Rational Build Agent on z/OS systems: Read this topic if you are deploying the Build System Toolkit or Rational Build Agent on z/OS.