IBM Z and LinuxONE - IBM Z

IBM Z

The enterprise platform for mission-critical applications brings next-level data privacy, security, and resiliency to your hybrid multicloud.

 View Only

Ways to decide how your mainframe session manager can display a list of sessions to each user

By Glenn Havelock posted Fri November 12, 2021 03:15 PM

  
Ways to decide how your mainframe session manager can display a list of sessions to each user
 

Those of you utilizing IBM mainframes today may very well be running a session manager, which presents users with a list of applications they’re authorized to use. But where does this list come from?

Here’s a typical session manager display:



It’s possible to create profiles within the session manager you’re running which presents each authorized user with a list of applications they’re allowed to access.

You may want to consider creating ‘dynamic menus’ by having your session manager go directly out to your ESM (external security manager, such as RACF) and create the list of sessions a user is authorized to see by reading ESM profiles directly. Below is an example of a RACF profile/resource definition allowing a user access to 3 applications. In this example user JCO1 is given access to applications TSO, CICSTS55, and LITEVPOC using RACF facilities:

RDEFINE FACILITY (ISZ.APPL.TSO)         
      OWNER(JCO1) UACC(NONE)            
 RDEFINE FACILITY (ISZ.APPL.CICSTS55)   
      OWNER(JCO1) UACC(NONE)            
 RDEFINE FACILITY (ISZ.APPL.LITEVPOC)   
      OWNER(JCO1) UACC(NONE)  
 PE ISZ.APPL.TSO
      ID(JCO1)
      CLASS(FACILITY)
      ACCESS(READ)
PE ISZ.APPL.CICSTS55
      ID(JCO1)
      CLASS(FACILITY)
      ACCESS(READ)
PE ISZ.APPL.LITEVPOC
      ID(JCO1)
      CLASS(FACILITY)
      ACCESS(READ)

When a user signs on to the session manager, it accesses information in the ESM (RACF in this example)and presents the user with a list of applications that they are allowed to access:



So, a user can be presented with a list of authorized applications by defining profiles/resources in 3 ways:

1.  Within the session manager itself
2.  Within the ESM (such as RACF)
3.  Using a combination of both

While you’re checking out what your session manager can do, it’s likely a good time to make sure it’s set up to run on z/OS 2.5 as well.  

UNICOM/Macro 4 has a session manager, Tubes, which provides this functionality – see the link below for more info:

https://www.macro4.com/products/tubes-zos/

Regards,

The UNICOM/Macro 4 technical team
0 comments
26 views

Permalink

https://community.ibm.com/community/user/blogs/glenn-havelock/2021/11/12/utilizing-dynamic-menus-with-a-session-manager