This article presents a sample of what the Customization Dialog's generated instructions might look like. This is a sample only--you must use the instructions generated from your own variables when configuring your system.
----------------------------------------------- Instructions for customizing a WebSphere® for z/OS® security domain. The customization dialog has created jobs based on the information you provided. These instructions tell you how to modify the operating system and run the jobs to customize WebSphere for z/OS. RULES: 1. If you created the target data sets (*.CNTL and *.DATA) on another (driving) system, you must copy them to the target system and give them the same data set names. 2. You must perform these instructions on your target system. 3. You will have saved the security domain definition values in a data set. These values will need to be loaded and used when creating a stand-alone application server or a Network Deployment environment. ------------------------------------------------------------------- Running the customized jobs --------------------------- The customization dialog built a number of batch jobs with the variables you supplied. You must run the jobs in the order listed below using user IDs with the appropriate authority. The customization dialog for WebSphere for z/OS does not attempt to update configuration data for your base operating system or existing subsystems. BEFORE YOU BEGIN: You must copy the target data sets (*.CNTL and *.DATA) to your target system and give them the same data set names, and you must be running on your target system. Follow the table below, which lists in order the jobs you must submit and the commands you must enter. Special handling notes are included in the table. All jobs are members of DATASET.CNTL. Attention: After submitting each job, carefully check the output. Errors may exist even when all return codes are zero. +-----------+----------------------------------------------------------+ | BBOSBRAJ | User ID requirement: Authority to update data set | +-----------+ | | Done: | DATASET.DATA. | | | | | | This job builds (but does not execute) the RACF® commands | | By: | for the WebSphere for z/OS security domain and places | | | them into member BBOSBRAK of data set | | | | | | DATASET.DATA. | | | | | | Carefully review these definitions with your security | | | administrator. | +-----------+----------------------------------------------------------+ | BBOSBRAK | User ID requirement: RACF special authority. | +-----------+ | | Done: | This job instantiates the security rules set up in the | | | previous job by invoking RACF commands. | | | | | | RESULT: You may receive errors, such as INVALID USER | | | messages, from this job because a user ID, group or | | | profile is already defined. Make sure the existing | | | user ID, group or profile has the same characteristics | | | as the user ID, group or profile being created by | | | BBOSBRAK. If not, then change the values in the | | | customization dialog which are causing the conflict, | | | regenerate the customization jobs, and restart the | | | process. | | By: | | | | | | | | | | | +-----------+----------------------------------------------------------+ | --------- | Activating the APPL class (optional) | +-----------+ | | Done: | The following APPL profile is created by BBOSBRAK with | | | UACC(READ) and permitted to the unauthenticated user | | | group WSCLGP: | | | | | | CB390 | | | | | | | | By: | However, in order to make use of APPL profile security | | | with WebSphere for z/OS, you must also activate the RACF | | | APPL class globally with the command: | | | | | | SETROPTS CLASSACT(APPL) | | | | | | Consult with your site security administrator before | | | issuing this command, as it affects all RACF-controlled | | | applications that check the APPL class. See the WAS | | | InfoCenter for more information on implementing security | | | using APPL class profiles. | | | | +-----------+----------------------------------------------------------+