In z/OSMF, the authorization of users to resources (tasks and links) is based on SAF resource validations for traditional z/OS security controls, such as user IDs and groups.
/* Activate the ZMFAPLA class */
TSS ADD(WASDEPT) ZMFAPLA(BBNBASE)
TSS PER(IZUADMIN) ZMFAPLA(BBNBASE.ZOSMF.) ACC(READ)
TSS PER(IZUUSER) ZMFAPLA(BBNBASE.ZOSMF.) ACC(READ)
TSS ADD(WASDEPT) ZMFAPLA(BBNBASE)
TSS PER(IZUADMIN) ZMFAPLA(BBNBASE.ZOSMF.ADMINTASKS.) ACC(READ)
TSS PER(IZUADMIN) ZMFAPLA(BBNBASE.ZOSMF.LINK.) ACC(READ)
TSS PER(IZUUSER) ZMFAPLA(BBNBASE.ZOSMF.LINK.) ACC(READ)