Just think JZOS just like any other batch job or STC. Bare minimum, it needs to be like any basic user of Unix System Services. Give it a UID/GID and a home.. it needs access to run java aka /usr/lpp/java. Anything else past there is dependent on what you are running. If it is just reading and writing data sets.. then give it data set auth... console commands ... it needs OPERCMDS or however else you are securing them.
Do you have something specific that is running in JZOS that you are trying to secure? Rob Schramm On Sun, Mar 20, 2011 at 10:51 AM, Patrick Kappeler <[email protected]>wrote: > Hello > I'm looking for answers to specific questions I have reading the JZOS > literature > I could find on the net (developper works, redbooks, ...)...and no real > answers > in these documents. Questions like: > - Does the RACF user starting the procedure or submitting need a UID with > spcific privileges (or just an "others" from the JRE permission bits > standpoint) ? > - Can it be a RACF protected user ? > - This one probably more on the z/OS side: If JZOS is enabled to transmit > operator commands I'm assuming that they can be protected via profiles in > the OPERCMDS class (or do I miss something) ? > > Would anybody know of a security oriented document for JZOS ? > Thanks a lot > > ---------------------------------------------------------------------- > For IBM-MAIN subscribe / signoff / archive access instructions, > send email to [email protected] with the message: GET IBM-MAIN INFO > Search the archives at http://bama.ua.edu/archives/ibm-main.html > -- Rob Schramm Senior Systems Engineer w: 513.305.6224 ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
