Specific security definitions are used to secure IBM® UrbanCode® Deploy functions for the IBM z/OS® environment. To deploy applications to an IBM z/OS environment, the user accounts on the agent computer must have adequate access permissions. You
must also identify specific directories and data sets to the authorized program facility.
The topics in this section present the security configurations related to the agent started task,
data sets, file systems, user IDs, impersonation and security configurations related to the z/OS
Note: This document does NOT cover the IBM UrbanCode Deploy server’s security model and the security configurations related to server agent communication.
Refer to Security configuration related to
Agent started task and agent user ID
The IBM UrbanCode DeployIBM z/OS agent is a long running Java process in the IBM z/OS UNIX System Services. The IBM UrbanCode Deploy server distributes work, known as deploy processes, to an agent to execute. For each step in the
deploy process, the agent starts a separate work process. The work process inherits the agent user
ID’s security environment, unless the process is configured to use impersonation.
The su command is used to impersonate users. This figure shows a deployment
scenario with two logical environments, DEV and TEST, in the same logical partition (LPAR). The
deployment process is configured so that the agent impersonates USERA when deploying to DEV and
USERB when deploying to TEST.