The Customization Dialog enables you to create a security domain
for your WebSphere Application Server for z/OS configuration.
Note:
- You must set up a base Application Server using the dialogs before using
this one to set up a Network Deployment node, which is managed by the deployment
manager process (dmgr). It is critical that you LOAD saved environment
variables from the base Application Server into the deployment manager node
that federates the base node. Do this before performing security customization
on the deployment manager node.
- If the APPL class is active and you have defined a profile for WebSphere
Application Server, make sure that all z/OS identities using WebSphere Application
Server services have READ permission to the WebSphere Application Server APPL
profile. This includes all WebSphere Application Server identities, WebSphere
Application Server unauthenticated identities, WebSphere Application Server
administrative identities, user IDs based on role-to-user mappings, and all
user identities for system users. If you have not defined a security domain,
the APPL profile used is CBS390 or the name used as the security domain identifier.
If you have defined a security domain, the APPL profile used is the security
domain name.
- When adding an administrator to the administrative console using local
operating system security, if the APPL class is activated, the administrator's
user ID must be authorized to the CBS390 (or the name specified as the security
domain identifier) APPL class for RACF as well. If the administrator's user
ID is not authorized to CBS390 APPL, message BBOS0108E is issued, indicating
that the credential-handling function (RunAsGetSpecCred) failed in routine
because the user is not authorized.