What's z/OSMF Security Configuration Assistant
z/OSMF Security Configuration Assistant (SCA) is one service (or plugin) of z/OSMF, it was introduced in z/OS V2R4 and rolled back to z/OS V2R3.
The basic idea of z/OSMF SCA is to provide a graphic user interface to describe the product's security configuration and give user a friendly way to check whether the product’s security configuration is setup correctly or not.
You must experience the nightmare that the application couldn't work correctly due to some pieces of security configuration missing, or your system was on the hazard because of the over-authorized applications. This would always take a lot time to diagnose, sometimes, it needs the application developer, system programmer and security administrator to work together to get the problem solved. With z/OSMF SCA, system programmer and application developer can submit their security requirements clearly to security administrator, and what's more convenience, that security administrator can verify the result after they are setup directly, this would guarantee the security setup is precise.
Why you want to use z/OSMF Security Configuration Assistant
The purpose of z/OSMF SCA is to ease the burden of z/OS products' security, have you ever experienced any of the pain points below:
- Low efficient and error-prone to find required security configuration from books with hundreds of pages. Sometimes, there are several books for one product, it is very hard to know which book and chapter documents the security requirements.
- Hard to associate required security setup for the specific function of the product. When specific function failed, it is hard to find which security requirement is related with the failure.
- Low efficiency communication between system administrator and security administrator. System administrator doesn't know if individual security requirement has been really fixed until security administrator notifies him.
- The security setup doesn't really reflect whether the security requirement has really been satisfied precisely. It could be caused by the generic resource, user group, etc.
z/OSMF SCA is trying to help with experience above, specifically, SCA provides benefits below:
- Easy to create a product's security descriptor file. z/OSMF SCA use JSON format to describe the security requirement, this makes it easy to understand both by human and machine, and give the flexibility to describe different security requirement
- Render security requirements by product or function in Web UI. z/OSMF SCA is browser-based Web UI, the security requirements were organized for human-readable, and it also give the statistic of the validation result.
- Validate security setup automatically by different granularity. z/OSMF SCA can validate the security setup by product or by individual SAF resource, you can validate these resources which are just updated
- Validate if a user or user group was authorized to product or function.
- Validation result is displayed in graphic chart
- Support all external security manager products, such as RACF, ACF2, Top Secret
How to use z/OSMF Security Configuration Assistant
z/OSMF SCA is easy to use, you could open SCA from z/OSMF Desktop App Center by double-click its icon.
You can select the checkbox of the specific service (product) to check the product only, or check all the services without anyone selected, you could see the statistics of the validation result.
By clicking the Action icon of the specific resource item, you will check that resource item only.