It is not required, nor desired, to grant superuser privileges to user IDs that are used to run one or more of the z/OS-based agents. What is required, is that these accounts must participate in the Agent Technology security group (default name, AWGROUP), as established in the Agent Technology installation process. The group AWGROUP owns the zFS files the once they are formatted during the install process. In addition, if you intend to run your agent as a started task, the Agent Technology security group must be the default group for the user ID for the task.
Access to AT applications and commands can be further tightened through the access.off file. This file is renamed if it is used. This file resides in the /cai/agent/services/config/aws_orb directory. If you need this extra security, to determine how to implement the changes, see the comments in that file. As delivered, this extra security is disabled.
|
Copyright © 2014 CA Technologies.
All rights reserved.
|
|