Configuring security
Configuring security
During the initial installation of Zowe server-side components, it is necessary for your organization's security administrator to perform a range of tasks that require elevated security permissions. As a security administrator, follow the procedures outlined in this article to configure Zowe and your z/OS system to run Zowe with z/OS.
Validate and re-run zwe init
commands
During installation, the system programmer customizes values in the zowe.yaml file. However, due to insufficient permissions of the system programmer, the zwe init security
command may fail. Consult with your security administrator to review your ZWESECUR
job content so that your security adminstrator can re-submit this JCL.
Initialize Zowe security configurations
Choose from the following methods to initialize Zowe security configurations:
- Configuring with
zwe init security
- Configuring with
ZWESECUR
JCL
For more information about both of these methods, see Initialize Zowe security configurations.
Perform APF authorization of load libraries
Zowe contains load modules that require access to make privileged z/OS security manager calls. These load modules are held in two load libraries which must be APF authorized. For more information about how to issue the zwe init apfauth
command to perform APF authority commands, see Performing APF authorization of load libraries.
Configure the z/OS system for Zowe
Review and perform z/OS configuration steps based on your settings. For a detailed table of configuration procedures and associated purposes for performing these procedures, see Configuring the z/OS system for Zowe.
Assign security permissions to users
Assign users (ZWESVUSR and ZWESIUSR) and the ZWEADMIN security group permissions required to perform specific tasks. For more information see, Assign security permissions to users.
Zowe Feature specific configuration tasks
Depending on the specific Zowe server-side components that your organization is wishing to utilize, specific security configuration settings may apply. Review the following table of Zowe server-side component features and their associated configuration tasks, and perform the tasks that apply to your use case.
Next steps
After these security configuration steps are completed, and Zowe z/OS runtime is initialized, the next step is Configuring certificates. Note that configuring certificates requires security administrator authorization.
For more information about security administrator tasks, see: