Setting up security with RACF

The RACF® tasks should be performed by your system security administrator.
The following instructions assume you are using WebSphere® Application Server security using RACF.

The Jazz™ Team Server uses four roles that must be defined as RACF EJBROLE profiles for security control. Define the four Jazz Team Server roles in the EJBROLE class.

  1. Define the EJBROLE profiles:
    JazzAdmins
    Jazz repository administrators with full read/write access.
    JazzDWAdmins
    Jazz repository administrators with specific permissions to control the data warehouse on a Jazz Team Server.
    JazzGuests
    Users with read-only access to the Jazz repository.
    JazzUsers
    Users with regular read/write access to the Jazz repository.
    For example:
    RDEFINE EJBROLE JazzAdmins UACC(NONE)
    RDEFINE EJBROLE JazzDWAdmins UACC(NONE)
    RDEFINE EJBROLE JazzGuests UACC(READ)
    RDEFINE EJBROLE JazzUsers UACC(NONE)
  2. Permit the appropriate access to users or groups.
    For example:
    Permit JazzAdmins CLASS(EJBROLE) ID(jazAdmns) ACCESS(READ)
    Permit JazzDWAdmins CLASS(EJBROLE) ID(jDwadmns) ACCESS(READ)
    Permit JazzUsers CLASS(EJBROLE) ID(jazzgrp) ACCESS(READ)
  3. After completing the steps to configure Jazz Team Server, you must log on as a Jazz Team Server administrator to verify this configuration. Before attempting to verify the configuration, provide at least one user ID or group with read authority to the JazzAdmins profile in the EJBROLE class.
    Note: When user IDs are added to the Jazz Team Server repository, they must also be given read authority to the appropriate RACF profile in the EJBROLE class (JazzAdmins, JazzDWAdmins, JazzGuests, JazzUsers).
    Note: When a password expires, the connection to Jazz is impossible but no error message is displayed. The password must then be changed in RACF.

Feedback

Did this help? You can provide feedback at Jazz.net (registration required): Comment in the forums or submit a bug