Configuring a ChangeMan ZMF Proxy User ID

A proxy user ID, or trusted user ID, is required for each ChangeMan ZMF host server, or LPAR. You specify these in the configuration file when you configure ChangeMan ZMF communication on the integrating server.

The purpose of the proxy user ID is to allow users to automatically access ChangeMan ZMF through the integration without logging on. The proxy ChangeMan ZMF user ID connects to the host server on behalf of the user.

Consider an example where a user wants to freeze a release unit. The orchestration invoked for the Freeze function requires access to the ChangeMan ZMF host server. The user's TSO user ID is on his SBM contact record and is associated with the proxy user ID; however, there is no password stored in the user's contact record. The proxy user ID (which does have a password) logs on to the ChangeMan ZMF host server on behalf of the user. The proxy user ID impersonates the user, but does not have access to other resources (such as performing ChangeMan ZMF functions). The authority levels of the user are in effect for the transaction.

The proxy user ID can be any SAF-defined user ID. No specific attributes are required. It is not necessary that this user ID be allowed to access TSO. This user ID must be given READ (or higher) access to the "trusted resource". The trusted resource is a SAF resource, by default SERENA.SERNET.AUTHUSR in the FACILITY class. The resource and class are user-modifiable by changing the names in the SERLCSEC module, which is delivered as source code with ChangeMan ZMF. This module is used for customizing a variety of security-related functions.

Note: It is not necessary to alter SERLCSEC to support the integration, as it is already coded for the preceding resource name and class. Be sure to use the version of SERLCSEC that is appropriate to your specific version of ChangeMan ZMF, including any customizations that you have applied.
Important: The trusted resource is not related to the RACF user ID TRUSTED attribute.