zowe / zen

Eclipse Public License 2.0
1 stars 6 forks source link

Install Wizard Utilize SCA definitions to set SAF permissions with zosmf #61

Open 1000TurquoisePogs opened 1 year ago

1000TurquoisePogs commented 1 year ago

First we need to know if zosmf exists/user wants to use it, but if they do, then we can use the Security Configuration Assistant and the great definitions in here https://github.com/zowe/zowe-install-packaging/blob/v2.x/staging/files/sca/zowe_base_server.json and apis such as this https://www.ibm.com/docs/en/zos/3.1.0?topic=scas-provision-security-resources-defined-in-http-request-body

1000TurquoisePogs commented 1 year ago

I think it would be great if zwe did checks upon if the STC user has the right permissions in a way that can't be skipped - if you hide this in a "zwe validate", people might not run it. If you hide this in "zwe internal start prepare", then its truly unavoidable, but would run everytime and if that takes a long time to run then it would slow down startup and that would be very bad too. Not sure what to do here?

1000TurquoisePogs commented 1 year ago

It sounds like we could use a page after "zwe init security" which confirms, using SCA, if we have all the permissions necessary.

In fact, the page that does "security" and "zwe init security", maybe should invoke zosmf for applying the SCA content.

armstro commented 1 month ago

https://community.ibm.com/community/user/ibmz-and-linuxone/viewdocument/zosmf-guild-session-33-october-1?CommunityKey=1ca674e5-aada-4194-a16e-059cafe7b807&tab=librarydocuments zOSMF Guild Session 33.pdf