Sample JCL To Remove Top Secret Permits For Zowe

Article ID: 187253

Products

Top Secret

Issue/Introduction

Sample Top Secret JCL to remove Top Secret security permits for Zowe. 

Resolution

//ZWENOSEC JOB
//*
//* This program and the accompanying materials are made available
//* under the terms of the Eclipse Public License v2.0 which
//* accompanies this distribution, and is available at
//* https://www.eclipse.org/legal/epl-v20.html
//*
//* SPDX-License-Identifier: EPL-2.0
//*
//* Copyright Contributors to the Zowe Project. 2018, 2020
//*
//*********************************************************************
//*
//* Zowe Open Source Project
//* This JCL can be used to remove security permits for Zowe
//*
//*
//* CAUTION: This is neither a JCL procedure nor a complete job.
//* Before using this JCL, you will have to make the following
//* modifications:
//*
//* 1) Add job name and job parameters to the JOB statement, to
//*    meet your system requirements.
//*
//* 2) Change &ADMINGRP to match the desired
//*    group name for Zowe administrators.
//*
//* 3) Change &STCGROUP to match the desired
//*    group name for started tasks.
//*
//* 4) Change &ZOWEUSER to match the desired
//*    user ID for the ZOWE started task.
//*
//* 5) Change &XMEMUSER to match the desired
//*    user ID for the XMEM Cross Memory started task.
//*
//* 6) Change &AUXUSER to match the desired
//*    user ID for the XMEM Auxiliary Cross Memory started task.
//*
//* 7) Change &ZOWESTC to match the desired
//*    Zowe started task name.
//*
//* 8) Change &XMEMSTC to match the desired
//*    XMEM Cross Memory started task name.
//*
//* 9) Change &AUXSTC to match the desired
//*     XMEM Auxiliary Cross Memory started task name.
//*
//* 10) Change &HLQ to match the desired
//*     Zowe data set high level qualifier.
//*
//* 11) Change &SYSPROG to match the existing
//*     user ID or group used by z/OS system programmers.
//*
//* 12) Customize the commands in the DD statement that matches your
//*     security product so that they meet your system requirements.
//*
//* Note(s):
//*
//* 1. THE USER ID THAT RUNS THIS JOB MUST HAVE SUFFICIENT AUTHORITY
//*    TO ALTER SECURITY DEFINITIONS
//*
//* 2. Remove users from the Zowe administrator group before removing
//*    the group itself.
//*
//* 3. This job WILL complete with return code 0.
//*    The results of each command must be verified after completion.
//*
//*********************************************************************
//*
//*********************************************************************
//*
//* EXECUTE COMMANDS FOR TOP SECRET SECURITY PRODUCT
//*
//RUN      EXEC PGM=IKJEFT01,REGION=0M
//SYSTSPRT DD SYSOUT=*
//SYSTSIN  DD *
*
*********************************************************************
*
* Top Secret ONLY, customize to meet your system requirements
*
* REMOVE ZOWE DATA SET PROTECTION ................................. */
* remove general data set protection                                */
TSS WHOHAS DSN(&HLQ)
TSS REVOKE(&SYSPROG) DSN(&HLQ.) 
TSS REMOVE(dept) DSN(&HLQ.)
* REMOVE ZOWE SERVER PERMISSIONS .................................. */
* remove permit to use XMEM Cross Memory server                     */
TSS WHOHAS IBMFAC(ZWES.IS) 
TSS REVOKE(&ZOWEUSER) IBMFAC(ZWES.IS)
* remove permit to create a user's security environment             */
TSS WHOHAS IBMFAC(BPX.DAEMON) 
TSS REVOKE(&ZOWEUSER) IBMFAC(BPX.DAEMON)
TSS WHOHAS IBMFAC(BPX.SERVER) 
TSS REVOKE(&ZOWEUSER) IBMFAC(BPX.SERVER)
* remove permit to set jobname                                      */
TSS WHOHAS IBMFAC(BPX.JOBNAME) 
TSS REVOKE(&ZOWEUSER) IBMFAC(BPX.JOBNAME)
* remove permit to write persistent data                            */
TSS WHOHAS UNIXPRIV(SUPERUSER.FILESYS)
TSS REVOKE(&ZOWEUSER) UNIXPRIV(SUPERUSER.FILESYS)
* REMOVE STARTED TASKS ............................................ */
* remove userid for ZOWE main server                                */
TSS LIST(&ZOWEUSER)
TSS DELETE(&ZOWEUSER)
* remove userid for XMEM Cross Memory server                        */
TSS LIST(&XMEMUSER)
TSS DELETE(&XMEMUSER)
* comment out if &AUXUSER matches &XMEMUSER (default), expect       */
*   warning messages otherwise                                      */
* remove userid for XMEM auxiliary cross memory server              */
TSS LIST(&AUXUSER)
TSS DELETE(&AUXUSER)
* comment out if &STCGROUP matches &ADMINGRP (default), expect      */
*   warning messages otherwise                                      */
* remove group for started tasks                                    */
TSS LIST(&STCGROUP)
TSS DELETE(&STCGROUP)
* remove started task for ZOWE main server                          */
TSS LIST(STC)
TSS REMOVE(STC) PROCNAME(&ZOWESTC)
* remove started task for XMEM Cross Memory server                  */
TSS LIST(STC)
TSS REMOVE(STC) PROCNAME(&XMEMSTC)
* remove started task for XMEM Auxiliary Cross Memory server        */
TSS LIST(STC)
TSS REMOVE(STC) PROCNAME(&AUXSTC)
* REMOVE ADMINISTRATORS ........................................... */
* uncomment to remove user IDs from the &ADMINGRP group             */
* TSS REMOVE(userid) GROUP(&ADMINGRP)                      */
* remove group for administrators                                   */
TSS LIST(&ADMINGRP)
TSS DELETE(&ADMINGRP)
* ................................................................. */
/*
//*
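
Added example (not part of the Zowe sample or the original article): a pre-submit check for the customized SYSTSIN commands. It applies the &NAME replacements from steps 2-11 as plain text substitution, then reports symbols that are still unresolved, the literal placeholders dept and userid, and a TSS DELETE that names the same ID twice (the &AUXUSER = &XMEMUSER and &STCGROUP = &ADMINGRP cases the comments warn about). The function names, the SAMPLE excerpt and the VALUES mapping are constructed for illustration.

```python
import re

# Lower-case stand-ins that appear literally in the sample commands.
PLACEHOLDERS = ("dept", "userid")

def substitute(line, values):
    """Textually replace &NAME with its value; unknown names are left as-is."""
    return re.sub(r"&([A-Z][A-Z0-9]*)",
                  lambda m: values.get(m.group(1), m.group(0)), line)

def preflight(jcl_text, values):
    """Return (resolved_text, findings); findings are (line_no, message)."""
    findings, deleted, out = [], {}, []
    for no, raw in enumerate(jcl_text.splitlines(), 1):
        line = substitute(raw, values)
        out.append(line)
        cmd = line.strip()
        if not cmd.startswith("TSS "):
            continue  # JCL statements and '*' comment lines are not checked
        for name in re.findall(r"&([A-Z][A-Z0-9]*)", cmd):
            findings.append((no, f"unresolved symbol &{name}"))
        for ph in PLACEHOLDERS:
            if f"({ph})" in cmd:
                findings.append((no, f"placeholder '{ph}' still present"))
        m = re.match(r"TSS DELETE\(([^)]+)\)", cmd)
        if m:
            target = m.group(1)
            if target in deleted:
                findings.append(
                    (no, f"{target} already deleted at line {deleted[target]}"))
            else:
                deleted[target] = no
    return "\n".join(out), findings

# Constructed excerpt of the commands above; &HLQ is deliberately not mapped.
SAMPLE = """\
TSS REVOKE(&SYSPROG) DSN(&HLQ.)
TSS REMOVE(dept) DSN(&HLQ.)
TSS DELETE(&ZOWEUSER)
TSS DELETE(&XMEMUSER)
TSS DELETE(&AUXUSER)
* TSS REMOVE(userid) GROUP(&ADMINGRP)
TSS DELETE(&ADMINGRP)
"""
# Constructed sample values; AUXUSER equals XMEMUSER to trigger the warning.
VALUES = {"SYSPROG": "SYSPGRP", "ZOWEUSER": "ZWESVUSR",
          "XMEMUSER": "ZWESIUSR", "AUXUSER": "ZWESIUSR",
          "ADMINGRP": "ZWEADMIN"}

if __name__ == "__main__":
    for line_no, message in preflight(SAMPLE, VALUES)[1]:
        print(f"line {line_no}: {message}")
```

Because the job ends with return code 0 regardless, this check only catches editing mistakes before submission; the SYSTSPRT output of each TSS command still has to be reviewed afterwards.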