Is role based security required for setup of z/OSMF?
Are cloud rules required for the setup?
Component : ACF2 for z/OS
Configure z/OS Management Facility for ACF2 contains information related to setting up z/OSMF security with ACF2.
Although the documentation and the sample JCL all reference ROLE based security, it is not a requirement.
If you do not want to write ROLESET rules, you can convert them to UID rulesets.
Example:
SET RESOURCE(ZMC)
RECKEY IZUDFLT ADD(ZOSMF.RESOURCE_POOL.WLM.IYU0 ROLE(ROLEXXX) -
SERVICE(READ) ALLOW)
The TYPE(ZMC) rule can be created as a uid ruleset after ascertaining which users
would be included in ROLE ROLEXXX.
If that would be user01, user02 and user03 the rule could be written as
SET RESOURCE(ZMC)
RECKEY IZUDFLT ADD(ZOSMF.RESOURCE_POOL.WLM.IYU0 UID(<user01>) -
SERVICE(READ) ALLOW)
RECKEY IZUDFLT ADD(ZOSMF.RESOURCE_POOL.WLM.IYU0 UID(<user02>) -
SERVICE(READ) ALLOW)
RECKEY IZUDFLT ADD(ZOSMF.RESOURCE_POOL.WLM.IYU0 UID(<user03>) -
SERVICE(READ) ALLOW)
END
What you would need to do is assign all users that would be associated with each group/role and then change the rules to be UIDs instead of specifying the role.
Cloud setup is required for v2r3 or above.
We suggest that you start with member ACFMFSEC in CAX1JCL0 and then you can add other components as required.