User management
User access to the Docker CLI can be managed using either local user management or central LDAP server-based user management. You can also change the user management technique of a provisioned zCX instance using the Reconfiguration workflow
Using a local user management within a zCX instance
Using this method, a Docker administrator user ID is specified during provisioning of a zCX instance. The Docker administrator has access to the Docker CLI, as well as the ability to define and delete additional zCX users. This approach is simple, and therefore useful when conducting initial testing in zCX or when a limited number of zCX instances are deployed. However, it requires that all authorized users are defined and maintained on each individual zCX instance; there is no sharing of user access across zCX instances.
Using an LDAP server for authorization across zCX instances
- IBM® Tivoli® Directory Server for z/OS®. This LDAP server allows optional integration with RACF or other compliant security manager products using the SDBM so that you can authorize users to zCX using their existing z/OS users and credentials.
- An LDAP server, such as OpenLPAP, in your enterprise.
The remainder of this chapter provides instructions to proceed with either user management method.