What is required for the security class ZMFCLOUD that must be active when you configure IBM Cloud Provisioning and Management for z/OS?

Document ID : KB000014157
Last Modified Date : 14/02/2018
Show Technical Document Details
Question:

What is required for the security class ZMFCLOUD that must be active when you configure IBM Cloud Provisioning and Management for z/OS?

Answer:

With ACF2 all resource classes are protected by default. If there is no GSO CLASMAP definition for ZMFCLOUD the ACF2 Resource TYPE code will default to the first three characters of the Resource Class. So for Resource Class ZMFCLOUD the default TYPE code would be ZMF. 

Sample Rules for IBM Cloud Provisioning and Management for z/OS security authorizations for the default domain and default tenant.

Grant the landlord group read access to the landlord profile.

ACF
SET RESOURCE(ZMF)
RECKEY IZUDFLT ADD( OSMF.PROVISIONING.RESOURCE_MANAGEMENT.IYU -
UID(uid string for IYU) SERVICE(READ) ALLOW)

Grant the WLM administrator group read access to the WLM administrator profile.

ACF
SET RESOURCE(ZMF)
RECKEY IZUDFLT ADD( ZOSMF.RESOURCE_POOL.WLM.IYU0 -
 UID(UID STRING FOR IYU0RPAW) SERVICE(READ) ALLOW) 

Grant the network administrator group read access to the network administrator profile.

ACF
SET RESOURCE(ZMF)
RECKEY IZUDFLT ADD( ZOSMF.RESOURCE_POOL.NETWORK.IYU0 -
UID(UID STRING FOR IYU0RPAN) SERVICE(READ) ALLOW)