IT Management

Security Enhancements in z/VSE V4.1

6 Pages


Security in z/VSE is provided by the Basic Security Manager (BSM), which is part of z/VSE central functions and provides basic functionality. Clients with more demanding security needs (e.g., field-level security, command security) may choose to use a security manager product from an Independent Software Vendor (ISV) instead of BSM.

 

z/VSE V3.1.1 introduced an enhanced BSM that supports additional resources and new functions. z/VSE V4.1 continued the trend of addressing key client security needs. It introduces new logging and reporting functions to the BSM. This article provides an overview of the BSM and new auditing functions.

 

What BSM Protects

 

User IDs and resources are defined to BSM as profiles. Looking at where those profiles are stored, we see three groups.

 

In the first group, we have the user IDs. User profiles are stored in the VSE control file (IESCNTL). Usually, these profiles are defined and maintained via interactive interface dialogs. User profile definition via batch job is possible, but with a few limitations.

 

6 Pages