Security definitions

You need the assistance of a security administrator and a cryptographic administrator to complete this customization task, which requires the following resources and special customization tasks:

Various security software updates
PKCS#11 token with private key

Customize and submit the sample FEKRACF member, which has sample RACF® and z/OS® UNIX commands to create the basic security definitions for z/OS Explorer.

FEKRACF is located in FEK.#CUST.JCL, unless you specified a different location when you customized and submitted the FEK.SFEKSAMP(FEKSETUP) job. For more details, see Customization setup.

See the RACF Command Language Reference (SA22–7687), for more information about RACF commands.

Note:

For those sites that use CA ACF2^TM for z/OS, see the product page on the CA support site (https://support.ca.com) and check for the related IBM Rational Developer for System z Knowledge Document, TEC492389. This Knowledge Document has details on the security commands that are necessary to properly configure z/OS Explorer, as z/OS Explorer has the same requirements as Rational Developer for System z.
For those sites that use CA Top Secret® for z/OS, see the product page on the CA support site (https://support.ca.com) and check for the related IBM Rational Developer for System z Knowledge Document, TEC492091. This Knowledge Document has details on the security commands that are necessary to properly configure z/OS Explorer, as z/OS Explorer has the same requirements as IBM Developer for System z.

After the security setup is completed, the cryptographic administrator must customize and submit the sample FEKPKCS1 member, which will create a PKCS#11 private key for usage by SAF (System Authorization Facility) JSON Web tokens (JWT).

FEKPKCS1 is located in FEK.#CUST.JCL, unless you specified a different location when you customized and submitted the FEK.SFEKSAMP(FEKSETUP) job. For more details, see Customization setup.