Security doc org refactor #3978
Conversation
Signed-off-by: Andrew Jandacek <andrew.jandacek@broadcom.com>
Signed-off-by: Andrew Jandacek <andrew.jandacek@broadcom.com>
Signed-off-by: Andrew Jandacek <andrew.jandacek@broadcom.com>
|
😺 Thank you for creating this PR! To publish your content to Zowe Docs, follow these required steps.
Need help? Contact the Doc Squad in the #zowe-doc Slack channel. |
|
📁 The PR description is missing the file name(s) for the updated content. List all the files included in this PR so this information displays in our Zowe Docs GitHub Slack channel. If you have addressed this issue already, refresh this page in your browser to remove this comment. |
|
🔍 The review label is missing. Add a If you have addressed this issue already, refresh this page in your browser to remove this comment. |
|
💾 The release label is missing. Add a If you have addressed this issue already, refresh this page in your browser to remove this comment. |
|
📌 The subject area label is missing. Add an If you have addressed this issue already, refresh this page in your browser to remove this comment. |
Signed-off-by: Andrew Jandacek <andrew.jandacek@broadcom.com>
Signed-off-by: Andrew Jandacek <andrew.jandacek@broadcom.com>
Signed-off-by: Andrew Jandacek <andrew.jandacek@broadcom.com>
Signed-off-by: Andrew Jandacek <andrew.jandacek@broadcom.com>
Signed-off-by: Andrew Jandacek <andrew.jandacek@broadcom.com>
…ity-doc-org-refactor' of https://github.com/zowe/docs-site into janan07-security-doc-org-refactor
Signed-off-by: Andrew Jandacek <andrew.jandacek@broadcom.com>
| | --- | --- | --- | | ||
| | Set the names for the different z/OS UNIX address spaces for the Zowe runtime components. <br/>**Important:** This configuration step is required. | All components | [Configure address space job naming](#configure-address-space-job-naming) | | ||
| | To use Zowe desktop. This step generates random numbers for zssServer that the Zowe desktop uses. | Application Framework | [Configure an ICSF cryptographic services environment](#configure-an-icsf-cryptographic-services-environment) | | ||
| | To allow users to log on to the Zowe desktop through impersonation. | | [Configure security environment switching](#configure-security-environment-switching) | |
| | To use Zowe desktop. This step generates random numbers for zssServer that the Zowe desktop uses. | Application Framework | [Configure an ICSF cryptographic services environment](#configure-an-icsf-cryptographic-services-environment) | | ||
| | To allow users to log on to the Zowe desktop through impersonation. | | [Configure security environment switching](#configure-security-environment-switching) | | ||
| | Required for TSS only. A TSS FACILITY needs to be defined and assigned to the `ZWESLSTC` started task. | | [Configure multi-user address space for TSS only](#configure-multi-user-address-space-for-tss-only) | | ||
| | Required if you have not run `ZWESECUR` and are manually creating the user ID and groups in your z/OS environment. | | [Configure user IDs and groups for the Zowe started tasks](#configure-user-ids-and-groups-for-the-zowe-started-tasks) | |
There was a problem hiding this comment.
All mention of "ZWESECUR" in this table should be rethought.
- ZWESECUR is not the recommended job to run anymore.
- It was also ever only one of now 4 ways to perform its actions (zwe, jcl, zosmf workflow, install wizard)
- Because the operations of ZWESECUR are instructed to be done within a prior doc page, care should be taken not to present this as something that needs to be done again.
You may wish to reword all "Required if you have not run ZWESECUR" entries to
"Required. Tasks are done within zwe, workflow, install wizard or jcl-based security setup.
Or
"Required. Tasks are done within Zowe runtime configuration"
Or to call them out in a separate table or list by saying "The following tasks are needed by Zowe, and are normally handled during Zowe runtime configuration. Read each link to learn more about the tasks performed by that configuration"
| | Required if you have not run `ZWESECUR` and are configuring your z/OS environment manually. This step describes how to configure the cross memory server for SAF to guard against access by non-privileged clients. | Application Framework | [Configure the cross memory server for SAF](#configure-the-cross-memory-server-for-saf) | | ||
| | Required for API Mediation Layer to map a client certificate to a z/OS identity. | API ML | [Configure main Zowe server to use client certificate identity mapping](#configure-main-zowe-server-to-use-client-certificate-identity-mapping) | | ||
| | Required for API ML to map the association between a z/OS user ID and a distributed user identity. | API ML | [Configure main Zowe server to use distributed identity mapping](#configure-main-zowe-server-to-use-distributed-identity-mapping) | | ||
| | To configure SAF Identity tokens on z/OS so that they can be used by Zowe components like zss or API Mediation Layer. | | [Configure signed SAF Identity tokens IDT](#configure-signed-saf-identity-tokens-idt) | |
There was a problem hiding this comment.
Meaning it is optional.
Our text in each box calls out "Required" a little differently for each but Maybe better to make a row of checkboxes for Required/Optional?
| | Required for API Mediation Layer to map a client certificate to a z/OS identity. | API ML | [Configure main Zowe server to use client certificate identity mapping](#configure-main-zowe-server-to-use-client-certificate-identity-mapping) | | ||
| | Required for API ML to map the association between a z/OS user ID and a distributed user identity. | API ML | [Configure main Zowe server to use distributed identity mapping](#configure-main-zowe-server-to-use-distributed-identity-mapping) | | ||
| | To configure SAF Identity tokens on z/OS so that they can be used by Zowe components like zss or API Mediation Layer. | | [Configure signed SAF Identity tokens IDT](#configure-signed-saf-identity-tokens-idt) | | ||
| | Required for API Mediation Layer to issue SMF records. | API ML | [Configure the main Zowe server to issue SMF records](api-mediation/api-mediation-smf.md#configure-the-main-zowe-server-to-issue-smf-records) | |
There was a problem hiding this comment.
Wording could mislead here. This action is required if you want to use an optional feature.
Thus it is optional.
Signed-off-by: Andrew Jandacek <andrew.jandacek@broadcom.com>
Signed-off-by: Andrew Jandacek <andrew.jandacek@broadcom.com>
Signed-off-by: Andrew Jandacek <andrew.jandacek@broadcom.com>
Describe your pull request here:
List the file(s) included in this PR:
After creating the PR, follow the instructions in the comments.