This topic applies only on the z/OS operating system.

Sample generated instructions: Security domain

This article presents a sample of what the Customization Dialog's generated instructions might look like. This is a sample only--you must use the instructions generated from your own variables when configuring your system.

-----------------------------------------------                         
Instructions for customizing a WebSphere® for z/OS® security domain.     
                                                                        
The customization dialog has created jobs based on the information you  
provided. These instructions tell you how to modify the operating       
system and run the jobs to customize WebSphere for z/OS.               
                                                                        
RULES:                                                                  
                                                                        
1.  If you created the target data sets (*.CNTL and *.DATA) on another  
    (driving) system, you must copy them to the target system and give  
    them the same data set names.                                      
                                                                        
2.  You must perform these instructions on your target system.
                                                                        
3.  You will have saved the security domain definition values
    in a data set. These values will need to be loaded and used         
    when creating a stand-alone application server or a Network         
    Deployment environment.                                             
                                                                        
    ------------------------------------------------------------------- 
                                                                        
Running the customized jobs                                             
---------------------------                                             
                                                                        
The customization dialog built a number of batch jobs with the          
variables you supplied. You must run the jobs in the order listed       
below using user IDs with the appropriate authority.                    
                                                                        
The customization dialog for WebSphere for z/OS does not attempt to     
update configuration data for your base operating system or existing    
subsystems.                                                             
                                                                        
BEFORE YOU BEGIN: You must copy the target data sets (*.CNTL and        
*.DATA) to your target system and give them the same data set names,    
and you must be running on your target system.                          
                                                                        
Follow the table below, which lists in order the jobs you must submit   
and the commands you must enter. Special handling notes are included    
in the table. All jobs are members of                                   
                                                                        
DATASET.CNTL.                                                           
                                                                        
Attention: After submitting each job, carefully check the output.       
Errors may exist even when all return codes are zero.                   
                                                                        
+-----------+----------------------------------------------------------+
| BBOSBRAJ  | User ID requirement: Authority to update data set        |
+-----------+                                                          |
| Done:     | DATASET.DATA.                                            |
|           |                                                          |
|           | This job builds (but does not execute) the RACF® commands |
| By:       | for the WebSphere for z/OS security domain and places    |
|           | them into member BBOSBRAK of data set                    |
|           |                                                          |
|           | DATASET.DATA.                                            |
|           |                                                          |
|           | Carefully review these definitions with your security    |
|           | administrator.                                           |
+-----------+----------------------------------------------------------+
| BBOSBRAK  | User ID requirement: RACF special authority.             |
+-----------+                                                          |
| Done:     | This job instantiates the security rules set up in the   |
|           | previous job by invoking RACF commands.                  |
|           |                                                          |
|           | RESULT: You may receive errors, such as INVALID USER     |
|           | messages, from this job because a user ID, group  or     |
|           | profile is already defined.  Make sure the existing      |
|           | user ID, group or profile has the same characteristics   |
|           | as the user ID, group or profile being created by        |
|           | BBOSBRAK.  If not, then change the values in the         |
|           | customization dialog which are causing the conflict,     |
|           | regenerate the customization jobs, and restart the       |
|           | process.                                                 |
| By:       |                                                          |
|           |                                                          |
|           |                                                          |
|           |                                                          |
+-----------+----------------------------------------------------------+
| --------- | Activating the APPL class (optional)                     |
+-----------+                                                          |
| Done:     | The following APPL profile is created by BBOSBRAK with   |
|           | UACC(READ) and permitted to the unauthenticated user     |
|           | group WSCLGP:                                            |
|           |                                                          |
|           | CB390                                                    |
|           |                                                          |
|           |                                                          |
| By:       | However, in order to make use of APPL profile security   |
|           | with WebSphere for z/OS, you must also activate the RACF |
|           | APPL class globally with the command:                    |
|           |                                                          |
|           |      SETROPTS CLASSACT(APPL)                             |
|           |                                                          |
|           | Consult with your site security administrator before     |
|           | issuing this command, as it affects all RACF-controlled  |
|           | applications that check the APPL class.  See the WAS     |
|           | InfoCenter for more information on implementing security |
|           | using APPL class profiles.                               |
|           |                                                          |
+-----------+----------------------------------------------------------+



Related reference
Related information
Following the generated customization instructions: Security domain
Reference topic    

Terms of Use | Feedback

Last updated: Sep 20, 2010 10:03:57 PM CDT
http://www14.software.ibm.com/webapp/wsbroker/redirect?version=vela&product=was-nd-zos&topic=rins_dialogsteps_sampinst1
File name: rins_dialogsteps_sampinst1.html