Specific security definitions are used to secure IBM UrbanCode™ Deploy (UCD) functions for the IBM® z/OS® environment. To deploy applications to an IBM z/OS environment, the user accounts on the agent computer must have adequate access permissions. You
must also identify specific directories and data sets to the authorized program facility.
The topics in this section present the security configurations related to the agent started task,
data sets, file systems, user IDs, impersonation and security configurations related to the z/OS
Utility plugin.
Agent started task and agent user ID
The UrbanCode Deploy
IBM z/OS agent is a long running Java process in the
IBM z/OS UNIX System Services. The UrbanCode Deploy server distributes work, known as deploy processes, to
an agent to execute. For each step in the deploy process, the agent starts a separate work process.
The work process inherits the agent user ID’s security environment, unless the process is configured
to use impersonation.
Figure 1. z/OS Server Agent Architecture
Agent impersonation
The
su command is used to impersonate users. This figure shows a deployment
scenario with two logical environments, DEV and TEST, in the same logical partition ( LPAR). The
deployment process is configured so that the agent impersonates USERA when deploying to DEV and
USERB when deploying to TEST.
Figure 2. z/OS Impersonation