Preparing the security server (RACF)

Prepare the security server on z/OS.

About this task

WebSphere® Application Server for z/OS® uses a SAF-compliant security product for its operating system security interfaces. The WebSphere Application Server for z/OS documentation assumes the use of z/OS Security Server (RACF®). If you use another security product, consult the vendor for more information.

All z/OS systems in a sysplex must have access to consistent security information--shared RACF database or equivalent. If a shared security database is not used, you are responsible for ensuring that all WebSphere Application Server for z/OS security definitions are in effect on all systems in the sysplex.

Procedure

  1. Determine which RACF databases provide security information on your z/OS systems. If any WebSphere Application Server for z/OS cell will run on z/OS systems that have no shared RACF database, make plans to guarantee security database consistency for WebSphere Application Server for z/OS user IDs and privileges.
  2. WebSphere Application Server for z/OS requires list-of-groups (GRPLIST) checking. This checking is activated by the WebSphere Application Server for z/OS customization jobs. See z/OS Security Server RACF Security Administrators Guide for information about GRPLIST support.
  3. In order for RACF to automatically select an unused UID or GID value for WebSphere Application Server User IDs and groups:
    1. RACF needs to be using application identity mapping at stage 2 or higher. Use the RACF utility IRRIRA00 to upgrade your security database to application identity mapping stage 2 if necessary.
    2. The RACF profile SHARED.IDS must be defined.
    3. The RACF profile BPX.NEXT.USER must be defined and used to indicate the ranges from which UID and GID values are to be selected.
    For more information, consult the z/OS Security Server RACF System Programmer's Guide (SA22-7861) chapter 7, RACF database utilities, and the z/OS Security Server RACF Security Administrator's Guide (SA22-7683) chapter 20, RACF and z/OSUnix.

Icon that indicates the type of topic Task topic



Timestamp icon Last updated: March 5, 2017 23:57
File name: tins_prepracf.html