Security customization dialog settings
Use the Customization Dialog help panels - worksheets and definitions to:
Note:
- You must set up a base Application Server using the dialogs before using
this one to set up a Network Deployment node, which is managed by the deployment
manager process (dmgr). It is critical that you LOAD saved environment
variables from the base Application Server into the deployment manager node
that federates the base node. Do this before performing security customization
on the deployment manager node.
- If the APPL class is active and you have defined a profile for WebSphere,
make sure that all z/OS identities using WebSphere services have READ permission
to the WebSphere Application Server APPL profile. This includes all WebSphere
Application Server identities, WebSphere Application Server unauthenticated
identities, WebSphere Application Server administrative identities, user IDs
based on role-to-user mappings, and all user identities for system users.
If you have not defined a security domain, the APPL profile used is CBS390
or the name used as the security domain identifier. If you have defined a
security domain, the APPL profile used is the security domain name.
- When adding an administrator to the administrative console using local
operating system security, if the APPL class is activated, the administrator's
user ID must be authorized to the CBS390 (or the name specified as the security
domain identifier) APPL class for RACF as well. If the administrator's user
ID is not authorized to CBS390 APPL, message BBOS0108E is issued, indicating
that the credential-handling function (RunAsGetSpecCred) failed in routine
because the user is not authorized.

Setting up WebSphere Application Server for z/OS security

Summary of controls
Searchable topic ID:
rseccustomization
Last updated: Jun 21, 2007 9:56:50 PM CDT
WebSphere Application Server for z/OS, Version 5.0.2
http://publib.boulder.ibm.com/infocenter/wasinfo/index.jsp?topic=/com.ibm.websphere.zseries.doc/info/zseries/ae/rsec_customization.html