Open 1000TurquoisePogs opened 1 year ago
I think it would be great if zwe did checks upon if the STC user has the right permissions in a way that can't be skipped - if you hide this in a "zwe validate", people might not run it. If you hide this in "zwe internal start prepare", then its truly unavoidable, but would run everytime and if that takes a long time to run then it would slow down startup and that would be very bad too. Not sure what to do here?
It sounds like we could use a page after "zwe init security" which confirms, using SCA, if we have all the permissions necessary.
In fact, the page that does "security" and "zwe init security", maybe should invoke zosmf for applying the SCA content.
First we need to know if zosmf exists/user wants to use it, but if they do, then we can use the Security Configuration Assistant and the great definitions in here https://github.com/zowe/zowe-install-packaging/blob/v2.x/staging/files/sca/zowe_base_server.json and apis such as this https://www.ibm.com/docs/en/zos/3.1.0?topic=scas-provision-security-resources-defined-in-http-request-body