Article ID: 187253
Issue/Introduction
Sample Top Secret JCL to remove Top Secret security permits for Zowe.
Resolution
//ZWENOSEC JOB
//*
//* This program and the accompanying materials are made available
//* under the terms of the Eclipse Public License v2.0 which
//* accompanies this distribution, and is available at
//* https://www.eclipse.org/legal/epl-v20.html
//*
//* SPDX-License-Identifier: EPL-2.0
//*
//* Copyright Contributors to the Zowe Project. 2018, 2020
//*
//*********************************************************************
//*
//* Zowe Open Source Project
//* This JCL can be used to remove security permits for Zowe
//*
//*
//* CAUTION: This is neither a JCL procedure nor a complete job.
//* Before using this JCL, you will have to make the following
//* modifications:
//*
//* 1) Add job name and job parameters to the JOB statement, to
//* meet your system requirements.
//*
//* 2) Change &ADMINGRP to match the desired
//* group name for Zowe administrators.
//*
//* 3) Change &STCGROUP to match the desired
//* group name for started tasks.
//*
//* 4) Change &ZOWEUSER to match the desired
//* user ID for the ZOWE started task.
//*
//* 5) Change &XMEMUSER to match the desired
//* user ID for the XMEM Cross Memory started task.
//*
//* 6) Change &AUXUSER to match the desired
//* user ID for the XMEM Auxiliary Cross Memory started task.
//*
//* 7) Change &ZOWESTC to match the desired
//* Zowe started task name.
//*
//* 8) Change &XMEMSTC to match the desired
//* XMEM Cross Memory started task name.
//*
//* 9) Change &AUXSTC to match the desired
//* XMEM Auxiliary Cross Memory started task name.
//*
//* 10) Change &HLQ to match the desired
//* Zowe data set high level qualifier.
//*
//* 11) Change &SYSPROG to match the existing
//* user ID or group used by z/OS system programmers.
//*
//* 12) Customize the commands in the DD statement that matches your
//* security product so that they meet your system requirements.
//*
//* Note(s):
//*
//* 1. THE USER ID THAT RUNS THIS JOB MUST HAVE SUFFICIENT AUTHORITY
//* TO ALTER SECURITY DEFINITIONS
//*
//* 2. Remove users from the Zowe administrator group before removing
//* the group itself.
//*
//* 3. This job WILL complete with return code 0.
//* The results of each command must be verified after completion.
//* The command output is written to the SYSTSPRT DD of step RUN.
//*
//* 4. The &name values (items 2-11) are edited by hand; no SET
//* statements are visible in this sample. Check that no &name is
//* left in the TSS commands before submitting.
//*
//* 5. The command TSS REMOVE(dept) DSN(...) contains the lowercase
//* word dept, which is not covered by items 1-12. Presumably it is
//* a placeholder for the ACID that owns the Zowe data set prefix;
//* confirm and replace it before submitting.
//*
//* 6. The TSS DELETE commands delete the named user IDs and groups.
//* Confirm beforehand that none of them is also used by work
//* other than Zowe.
//*
//*********************************************************************
//*
//*********************************************************************
//*
//* EXECUTE COMMANDS FOR TOP SECRET SECURITY PRODUCT
//*
//* Step RUN executes IKJEFT01 (the TSO/E terminal monitor program) in
//* batch. The TSS commands are read from SYSTSIN and their output is
//* written to SYSTSPRT.
//*
//* Each change is preceded by a display command (TSS WHOHAS or
//* TSS LIST), so SYSTSPRT shows the state before the change. Keep
//* that output and check every command result; the job header states
//* that the job completes with return code 0.
//*
//* NOTE(review): the input lines that begin with "*" are written as
//* comments. TSO/E's comment form is /* ... */, and with DD * a line
//* starting with /* in columns 1-2 ends the input stream. Confirm how
//* your system handles the "*" lines before relying on this layout.
//*
//* NOTE(review): DSN(&HLQ) and DSN(&HLQ.) differ by a trailing
//* period. When replacing &HLQ by hand, confirm whether the period
//* must stay; it may change which data sets the command addresses.
//*
//RUN EXEC PGM=IKJEFT01,REGION=0M
//SYSTSPRT DD SYSOUT=*
//SYSTSIN DD *
*
*********************************************************************
*
* Top Secret ONLY, customize to meet your system requirements
*
* REMOVE ZOWE DATA SET PROTECTION ................................. */
* remove general data set protection */
* dept below is presumably a placeholder for the owning ACID; */
* confirm and replace it before running */
TSS WHOHAS DSN(&HLQ)
TSS REVOKE(&SYSPROG) DSN(&HLQ.)
TSS REMOVE(dept) DSN(&HLQ.)
* REMOVE ZOWE SERVER PERMISSIONS .................................. */
* each WHOHAS shows the holders before the REVOKE that follows it */
* remove permit to use XMEM Cross Memory server */
TSS WHOHAS IBMFAC(ZWES.IS)
TSS REVOKE(&ZOWEUSER) IBMFAC(ZWES.IS)
* remove permit to create a user's security environment */
TSS WHOHAS IBMFAC(BPX.DAEMON)
TSS REVOKE(&ZOWEUSER) IBMFAC(BPX.DAEMON)
TSS WHOHAS IBMFAC(BPX.SERVER)
TSS REVOKE(&ZOWEUSER) IBMFAC(BPX.SERVER)
* remove permit to set jobname */
TSS WHOHAS IBMFAC(BPX.JOBNAME)
TSS REVOKE(&ZOWEUSER) IBMFAC(BPX.JOBNAME)
* remove permit to write persistent data */
TSS WHOHAS UNIXPRIV(SUPERUSER.FILESYS)
TSS REVOKE(&ZOWEUSER) UNIXPRIV(SUPERUSER.FILESYS)
* REMOVE STARTED TASKS ............................................ */
* each LIST shows the definition before the command that removes it */
* remove userid for ZOWE main server */
TSS LIST(&ZOWEUSER)
TSS DELETE(&ZOWEUSER)
* remove userid for XMEM Cross Memory server */
TSS LIST(&XMEMUSER)
TSS DELETE(&XMEMUSER)
* comment out if &AUXUSER matches &XMEMUSER (default), expect */
* warning messages otherwise */
* (presumably because that user ID was already deleted just above) */
* remove userid for XMEM auxiliary cross memory server */
TSS LIST(&AUXUSER)
TSS DELETE(&AUXUSER)
* comment out if &STCGROUP matches &ADMINGRP (default), expect */
* warning messages otherwise */
* remove group for started tasks */
TSS LIST(&STCGROUP)
TSS DELETE(&STCGROUP)
* remove started task for ZOWE main server */
TSS LIST(STC)
TSS REMOVE(STC) PROCNAME(&ZOWESTC)
* remove started task for XMEM Cross Memory server */
TSS LIST(STC)
TSS REMOVE(STC) PROCNAME(&XMEMSTC)
* remove started task for XMEM Auxiliary Cross Memory server */
TSS LIST(STC)
TSS REMOVE(STC) PROCNAME(&AUXSTC)
* REMOVE ADMINISTRATORS ........................................... */
* uncomment to remove user IDs from the &ADMINGRP group */
* (one command per user ID, before the TSS DELETE of the group; */
* see Note 2 in the job header) */
* TSS REMOVE(userid) GROUP(&ADMINGRP) */
* remove group for administrators */
TSS LIST(&ADMINGRP)
TSS DELETE(&ADMINGRP)
* ................................................................. */
/*
//*