Users who will run BCM Web API requests must be assigned READ permission for the following profiles. For details, see the description "Authorizing users to the z/OSMF REST interfaces" in the IBM manual z/OS Management Facility configuration guide.
- The IZUACCT resource profile in the ACCTNUM resource class
- The CEA.CEATSO.TSOREQUEST resource profile in the SERVAUTH resource class
- The IZUFPROC resource profile in the TSOPROC resource class
- The SAF-prefix.IzuManagementFacility.izuUsers resource profile in the EJBROLE resource class
To log on to z/OSMF, users who will run BCM Web API requests must belong to the security group specified for the USER operand or the ADMIN operand of the SEC_GROUPS parameter in IZUPRMxx parmlib (default: IZUUSER or IZUADMIN).
For the z/OSMF startup task user (default: IZUSVR), READ permission for the CEA.CEATSO.TSOREQUEST resource profile in the SERVAUTH class is required.
For the CEA startup task, the TRUSTED(YES) attribute must be set in the RDEFINE STARTED CEA.** definition.