Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Security doc org refactor #3978

Open
wants to merge 20 commits into
base: master
Choose a base branch
from
Open

Conversation

janan07
Copy link
Collaborator

@janan07 janan07 commented Nov 4, 2024

Describe your pull request here:

List the file(s) included in this PR:

After creating the PR, follow the instructions in the comments.

Copy link

github-actions bot commented Nov 4, 2024

😺 Thank you for creating this PR! To publish your content to Zowe Docs, follow these required steps.

  • Add the label review: doc.
  • Identify your content topic with a label. (Examples: area: apiml, area: cli, area: install and config, etc.)
  • Specify the major Zowe release(s) for your content. (Examples: release: V1, release: V2, release: V3)
    • If adding content that needs to be removed from V3 documentation, add the V3 N/A tag.
  • Select the master branch if your PR updates content that is on the live site. Select docs-staging if your PR updates content for a future release.
  • Notify the Doc Squad about this PR. If you don't know whom should review your content, message the #zowe-doc Slack channel. If you know which Doc Squad writer should approve your content, add that person as a reviewer.

Need help? Contact the Doc Squad in the #zowe-doc Slack channel.

Copy link

github-actions bot commented Nov 4, 2024

📁 The PR description is missing the file name(s) for the updated content. List all the files included in this PR so this information displays in our Zowe Docs GitHub Slack channel.

If you have addressed this issue already, refresh this page in your browser to remove this comment.

Copy link

github-actions bot commented Nov 4, 2024

🔍 The review label is missing. Add a review: label so we can determine who needs to approve this PR.

If you have addressed this issue already, refresh this page in your browser to remove this comment.

Copy link

github-actions bot commented Nov 4, 2024

💾 The release label is missing. Add a release: label so your content is published with the correct major Zowe release.

If you have addressed this issue already, refresh this page in your browser to remove this comment.

Copy link

github-actions bot commented Nov 4, 2024

📌 The subject area label is missing. Add an area: label so we know what your content is about.

If you have addressed this issue already, refresh this page in your browser to remove this comment.

Signed-off-by: Andrew Jandacek <[email protected]>
Signed-off-by: Andrew Jandacek <[email protected]>
Signed-off-by: Andrew Jandacek <[email protected]>
Signed-off-by: Andrew Jandacek <[email protected]>
Copy link

github-actions bot commented Nov 4, 2024

@github-actions github-actions bot temporarily deployed to pull request November 4, 2024 15:09 Inactive
@github-actions github-actions bot temporarily deployed to pull request November 4, 2024 15:23 Inactive
@github-actions github-actions bot temporarily deployed to pull request November 4, 2024 15:46 Inactive
Copy link
Member

@1000TurquoisePogs 1000TurquoisePogs left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Loving the use of <details> to hide all the commands because they're quite similar and routine throughout the page.

I'm focusing on the table contents... the contents and how we explain them could guide what this page covers and how.

| --- | --- | --- |
| Set the names for the different z/OS UNIX address spaces for the Zowe runtime components. <br/>**Important:** This configuration step is required. | All components | [Configure address space job naming](#configure-address-space-job-naming) |
| To use Zowe desktop. This step generates random numbers for zssServer that the Zowe desktop uses. | Application Framework | [Configure an ICSF cryptographic services environment](#configure-an-icsf-cryptographic-services-environment) |
| To allow users to log on to the Zowe desktop through impersonation. | | [Configure security environment switching](#configure-security-environment-switching) |
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Application Framework

| To use Zowe desktop. This step generates random numbers for zssServer that the Zowe desktop uses. | Application Framework | [Configure an ICSF cryptographic services environment](#configure-an-icsf-cryptographic-services-environment) |
| To allow users to log on to the Zowe desktop through impersonation. | | [Configure security environment switching](#configure-security-environment-switching) |
| Required for TSS only. A TSS FACILITY needs to be defined and assigned to the `ZWESLSTC` started task. | | [Configure multi-user address space for TSS only](#configure-multi-user-address-space-for-tss-only) |
| Required if you have not run `ZWESECUR` and are manually creating the user ID and groups in your z/OS environment. | | [Configure user IDs and groups for the Zowe started tasks](#configure-user-ids-and-groups-for-the-zowe-started-tasks) |
Copy link
Member

@1000TurquoisePogs 1000TurquoisePogs Nov 5, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

All mention of "ZWESECUR" in this table should be rethought.

  • ZWESECUR is not the recommended job to run anymore.
  • It was also ever only one of now 4 ways to perform its actions (zwe, jcl, zosmf workflow, install wizard)
  • Because the operations of ZWESECUR are instructed to be done within a prior doc page, care should be taken not to present this as something that needs to be done again.

You may wish to reword all "Required if you have not run ZWESECUR" entries to
"Required. Tasks are done within zwe, workflow, install wizard or jcl-based security setup.

Or

"Required. Tasks are done within Zowe runtime configuration"

Or to call them out in a separate table or list by saying "The following tasks are needed by Zowe, and are normally handled during Zowe runtime configuration. Read each link to learn more about the tasks performed by that configuration"

| Required if you have not run `ZWESECUR` and are configuring your z/OS environment manually. This step describes how to configure the cross memory server for SAF to guard against access by non-privileged clients. | Application Framework | [Configure the cross memory server for SAF](#configure-the-cross-memory-server-for-saf) |
| Required for API Mediation Layer to map a client certificate to a z/OS identity. | API ML | [Configure main Zowe server to use client certificate identity mapping](#configure-main-zowe-server-to-use-client-certificate-identity-mapping) |
| Required for API ML to map the association between a z/OS user ID and a distributed user identity. | API ML | [Configure main Zowe server to use distributed identity mapping](#configure-main-zowe-server-to-use-distributed-identity-mapping) |
| To configure SAF Identity tokens on z/OS so that they can be used by Zowe components like zss or API Mediation Layer. | | [Configure signed SAF Identity tokens IDT](#configure-signed-saf-identity-tokens-idt) |
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Meaning it is optional.
Our text in each box calls out "Required" a little differently for each but Maybe better to make a row of checkboxes for Required/Optional?

| Required for API Mediation Layer to map a client certificate to a z/OS identity. | API ML | [Configure main Zowe server to use client certificate identity mapping](#configure-main-zowe-server-to-use-client-certificate-identity-mapping) |
| Required for API ML to map the association between a z/OS user ID and a distributed user identity. | API ML | [Configure main Zowe server to use distributed identity mapping](#configure-main-zowe-server-to-use-distributed-identity-mapping) |
| To configure SAF Identity tokens on z/OS so that they can be used by Zowe components like zss or API Mediation Layer. | | [Configure signed SAF Identity tokens IDT](#configure-signed-saf-identity-tokens-idt) |
| Required for API Mediation Layer to issue SMF records. | API ML | [Configure the main Zowe server to issue SMF records](api-mediation/api-mediation-smf.md#configure-the-main-zowe-server-to-issue-smf-records) |
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Wording could mislead here. This action is required if you want to use an optional feature.
Thus it is optional.

Signed-off-by: Andrew Jandacek <[email protected]>
@github-actions github-actions bot temporarily deployed to pull request November 5, 2024 13:01 Inactive
Signed-off-by: Andrew Jandacek <[email protected]>
@github-actions github-actions bot temporarily deployed to pull request November 5, 2024 14:33 Inactive
Signed-off-by: Andrew Jandacek <[email protected]>
@github-actions github-actions bot temporarily deployed to pull request November 5, 2024 15:23 Inactive
…nfiguring security / limit content duplication

Signed-off-by: Andrew Jandacek <[email protected]>
@github-actions github-actions bot temporarily deployed to pull request November 7, 2024 10:06 Inactive
@github-actions github-actions bot temporarily deployed to pull request November 7, 2024 10:57 Inactive
Signed-off-by: Andrew Jandacek <[email protected]>
@github-actions github-actions bot temporarily deployed to pull request November 7, 2024 14:21 Inactive
@github-actions github-actions bot temporarily deployed to pull request November 7, 2024 14:38 Inactive
Signed-off-by: Andrew Jandacek <[email protected]>
@github-actions github-actions bot temporarily deployed to pull request November 8, 2024 10:25 Inactive
@github-actions github-actions bot temporarily deployed to pull request November 12, 2024 08:41 Inactive
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants