The RACF® tasks
should be performed by your system security administrator.
The following instructions assume you are using WebSphere® Application
Server security using RACF.
The Jazz™ Team Server uses four roles that must
be defined as RACF EJBROLE profiles for security control.
Define the four Jazz Team
Server roles in the EJBROLE class.
- Define the EJBROLE profiles:
- JazzAdmins
- Jazz repository
administrators with full read/write access.
- JazzDWAdmins
- Jazz repository
administrators with specific permissions to control the data warehouse on
a Jazz Team
Server.
- JazzGuests
- Users with read-only access to the Jazz repository.
- JazzUsers
- Users with regular read/write access to the Jazz repository.
For example:
RDEFINE EJBROLE JazzAdmins UACC(NONE)
RDEFINE EJBROLE JazzDWAdmins UACC(NONE)
RDEFINE EJBROLE JazzGuests UACC(READ)
RDEFINE EJBROLE JazzUsers UACC(NONE)
- Permit the appropriate access to users or groups.
For
example:
Permit JazzAdmins CLASS(EJBROLE) ID(jazAdmns) ACCESS(READ)
Permit JazzDWAdmins CLASS(EJBROLE) ID(jDwadmns) ACCESS(READ)
Permit JazzUsers CLASS(EJBROLE) ID(jazzgrp) ACCESS(READ)
- After completing the steps to configure Jazz Team Server,
you must log on as a Jazz Team Server administrator to verify this configuration.
Before attempting to verify the configuration, provide at least one user ID
or group with read authority to the JazzAdmins profile in the EJBROLE class.
Note: When
user IDs are added to the Jazz Team Server repository, they must also be given
read authority to the appropriate RACF profile in the EJBROLE class (JazzAdmins,
JazzDWAdmins, JazzGuests, JazzUsers).
Note: When a password expires,
the connection to Jazz is impossible but no error message is displayed.
The password must then be changed in RACF.