Configuring a ChangeMan ZMF Proxy User ID
A proxy user ID, or trusted user ID, is required for each
host server, or LPAR. You specify these in the
zmf.properties configuration file when you configure
communication on the integrating server.
The purpose of the proxy user ID is to allow users to automatically access ChangeMan ZMF through the integration without logging on. The proxy ChangeMan ZMF user ID connects to the host server on behalf of the user.
Consider an example where a user wants to freeze a release unit. The orchestration invoked for the Freeze function requires access to the ChangeMan ZMF host server. The user's TSO user ID is on his SBM contact record and is associated with the proxy user ID; however, there is no password stored in the user's contact record. The proxy user ID (which does have a password) logs on to the ChangeMan ZMF host server on behalf of the user. The proxy user ID impersonates the user, but does not have access to other resources (such as performing ChangeMan ZMF functions). The authority levels of the user are in effect for the transaction.
The proxy user ID can be any SAF-defined user ID. No specific attributes
are required. It is not necessary that this user ID be allowed to access TSO.
This user ID must be given READ (or higher) access to the "trusted
resource". The trusted resource is a SAF resource, by default
SERENA.SERNET.AUTHUSR in the FACILITY class. The
resource and class are user-modifiable by changing the names in the
SERLCSEC module, which is delivered as source code with
This module is used for customizing a variety of security-related functions.
Note: It is not necessary to alter
SERLCSEC to support the integration, as it is already
coded for the preceding resource name and class. Be sure to use the version of
SERLCSEC that is appropriate to your specific version of
including any customizations that you have applied.
The trusted resource is not related to the RACF user ID TRUSTED attribute.