The RACF® tasks should
be performed by your system security administrator.
The Jazz™ Team Server
for System z® uses four
roles that you must define as RACF EJBROLE profiles
for security control. Define the four Jazz Team
Server roles in the EJBROLE class.
- Define the EJBROLE profiles:
- JazzAdmins
- Jazz repository administrators
with full read/write access.
- JazzDWAdmins
- Jazz repository administrators
with specific permissions to control the data warehouse on a Jazz Team Server.
- JazzProjectAdmins
- Jazz repository administrators
with specific permissions to manipulate project areas, team areas,
and process templates.
- JazzGuests
- Users with read-only access to the Jazz repository.
- JazzUsers
- Users with regular read/write access to the Jazz repository.
Example RACF commands:
RDEFINE EJBROLE JazzAdmins UACC(NONE)
RDEFINE EJBROLE JazzDWAdmins UACC(NONE)
RDEFINE EJBROLE JazzProjectAdmins UACC (NONE)
RDEFINE EJBROLE JazzGuests UACC(READ)
RDEFINE EJBROLE JazzUsers UACC(NONE)
- Permit the appropriate access to users or groups.
Example RACF commands:
Permit JazzAdmins CLASS(EJBROLE) ID(jazAdmns) ACCESS(READ)
Permit JazzDWAdmins CLASS(EJBROLE) ID(jDwadmns) ACCESS(READ)
Permit JazzProjectAdmins CLASS(EJBROLE) ID(jPradmns) ACCESS (READ)
Permit JazzUsers CLASS(EJBROLE) ID(jazzgrp) ACCESS(READ)
- Activate the new definitions:
After the RACF RDEFINE and PERMIT commands you must issue
the following command to take them into account:
SETROPTS RACLIST(EJBROLE) REFRESH
- After completing the remaining steps to configure Jazz Team Server, you must log on as a Jazz Team Server administrator to
verify this configuration. Before attempting to verify the configuration,
provide at least one user ID or group with read authority to the JazzAdmins
profile in the EJBROLE class.
Note: When you add user IDs to the Jazz Team Server repository, you
must also give them read authority to the appropriate RACF profile in the EJBROLE class (JazzAdmins,
JazzDWAdmins, JazzProjectAdmins, JazzGuests, JazzUsers).
Attention: When your password expires, you will no longer be
able connect to Jazz, but you
will not get an error message that informs you that this has
happened. If you cannot connect to Jazz and
you think that your password has expired, you must change it by logging
in to TSO or Rational® Developer
for System z.