Re: [EXTERNAL] Re: zOSMF - remove plug-in

2018-02-02 Thread Jousma, David 
Lionel, that is exactly our problem too!   The security aspect is so over the 
top, that seems damn near impossible.   We too are CA-TSS shop.   Also, for 
clarity, the security that the actual STC needs is straight forward.  It's 
configuring the user security I am talking about.   

I've advocated with the IBM'ers responsible for development to see if they 
could provide an easier mechanism.   What I want here at our shop is to setup 
role based profiles something like the following that layer on additional 
privileges based on need:

- minimal access you get with IZUGUEST - options ok to see without being logged 
on
- general authenticated user - app developers, those that might make "cloud" 
requests
- DBA - DB2 staff, 
- SYSPROG - my team
- ZOSMF Administrators - subset of my team

Then adding additional users would be a breeze.  But we aren’t even to this 
point yet.

Compunding the issue is that ZOSMF required zOS components that we hadn’t 
previously configured and turned on like PFA, CIM, etc.   That’s our own fault, 
but just adds to the load of configuring.
_
Dave Jousma
Manager Mainframe Engineering, Assistant Vice President
david.jou...@53.com
1830 East Paris, Grand Rapids, MI  49546 MD RSCB2H
p 616.653.8429
f 616.653.2717

-Original Message-
From: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU] On Behalf 
Of Dyck, Lionel B. (TRA)
Sent: Friday, February 02, 2018 10:16 AM
To: IBM-MAIN@LISTSERV.UA.EDU
Subject: Re: [EXTERNAL] Re: zOSMF - remove plug-in

**CAUTION EXTERNAL EMAIL**

**DO NOT open attachments or click on links from unknown senders or unexpected 
emails**

The challenge is implementing the security rules so that this happens. We've 
been "fighting" for months to get the rules cleaned up as when zOSMF was 
implemented 2+ years ago the rules were not implemented properly so we are 
deleting and starting over. I'm not a security person and we use CA Top Secret 
instead of RACF, but I can say that the rules look both overly cumbersome and 
completely convoluted.

--
Lionel B. Dyck <
Mainframe Systems Programmer - TRA


-Original Message-
From: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU] On Behalf 
Of Kurt Quackenbush
Sent: Friday, February 02, 2018 9:11 AM
To: IBM-MAIN@LISTSERV.UA.EDU
Subject: [EXTERNAL] Re: zOSMF - remove plug-in

On 2/1/2018 3:30 PM, Jousma, David wrote:
> The way I understand it, the option in the left side bar does not show up, if 
> you are not allowed to use it.  However, I have not proven that out.
That is correct, if a user is not authorized to a particular z/OSMF task, then 
that task is not displayed in the navigation pane for that user.

Kurt Quackenbush -- IBM, SMP/E Development

--
For IBM-MAIN subscribe / signoff / archive access instructions, send email to 
lists...@listserv.ua.edu with the message: INFO IBM-MAIN

--
For IBM-MAIN subscribe / signoff / archive access instructions, send email to 
lists...@listserv.ua.edu with the message: INFO IBM-MAIN **CAUTION EXTERNAL 
EMAIL**

**DO NOT open attachments or click on links from unknown senders or unexpected 
emails**

This e-mail transmission contains information that is confidential and may be 
privileged.   It is intended only for the addressee(s) named above. If you 
receive this e-mail in error, please do not read, copy or disseminate it in any 
manner. If you are not the intended recipient, any disclosure, copying, 
distribution or use of the contents of this information is prohibited. Please 
reply to the message immediately by informing the sender that the message was 
misdirected. After replying, please erase it from your computer system. Your 
assistance in correcting this error is appreciated.


--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

Re: [EXTERNAL] Re: zOSMF - remove plug-in

2018-02-02 Thread Dyck, Lionel B. (TRA) 
The challenge is implementing the security rules so that this happens. We've 
been "fighting" for months to get the rules cleaned up as when zOSMF was 
implemented 2+ years ago the rules were not implemented properly so we are 
deleting and starting over. I'm not a security person and we use CA Top Secret 
instead of RACF, but I can say that the rules look both overly cumbersome and 
completely convoluted.

--
Lionel B. Dyck <
Mainframe Systems Programmer - TRA


-Original Message-
From: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU] On Behalf 
Of Kurt Quackenbush
Sent: Friday, February 02, 2018 9:11 AM
To: IBM-MAIN@LISTSERV.UA.EDU
Subject: [EXTERNAL] Re: zOSMF - remove plug-in

On 2/1/2018 3:30 PM, Jousma, David wrote:
> The way I understand it, the option in the left side bar does not show up, if 
> you are not allowed to use it.  However, I have not proven that out.
That is correct, if a user is not authorized to a particular z/OSMF 
task, then that task is not displayed in the navigation pane for that user.

Kurt Quackenbush -- IBM, SMP/E Development

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

Re: zOSMF - remove plug-in

2018-02-02 Thread Kurt Quackenbush 

On 2/1/2018 3:30 PM, Jousma, David wrote:

The way I understand it, the option in the left side bar does not show up, if 
you are not allowed to use it.  However, I have not proven that out.
That is correct, if a user is not authorized to a particular z/OSMF 
task, then that task is not displayed in the navigation pane for that user.


Kurt Quackenbush -- IBM, SMP/E Development

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

Re: zOSMF - remove plug-in

2018-02-01 Thread Tom Conley 

On 2/1/2018 10:25 AM, John Eells wrote:

Just out of curiosity, why would you want to remove one, as long as 
unauthorized people could not use it?




John,

Performance.  V1R13, was bad, V2R1 corrected the issues, then V2R2 went 
the wrong way with all the new plugins, and I shudder to see V2R3.


Regards,
Tom Conley

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

Re: zOSMF - remove plug-in

2018-02-01 Thread Jesse 1 Robinson 
I have a simple criterion for 'business ready': how much would I pay for this 
application out of my own pocket? If it's not worth my buying it, it's not 
worth designing into any product regardless of who's signing the check.

This is about customer-friendly usability, not security. It's just plain rude 
to offer a selection that only gets the user's hand slapped. And on a 
flinty-eyed level, you don't want people pestering you about why they're locked 
out of that selection. 

If I can't do it, don't let me see it.  

.
.
J.O.Skip Robinson
Southern California Edison Company
Electric Dragon Team Paddler 
SHARE MVS Program Co-Manager
323-715-0595 Mobile
626-543-6132 Office ⇐=== NEW
robin...@sce.com


-Original Message-
From: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU] On Behalf 
Of Farley, Peter x23353
Sent: Thursday, February 01, 2018 12:34 PM
To: IBM-MAIN@LISTSERV.UA.EDU
Subject: (External):Re: zOSMF - remove plug-in

Isn't that just "security by obscurity"?  Or invisibility?  What business harm 
is there in revealing that a function exists as long as the security rules 
prevent unauthorized use?

Or is it just to keep the naive unauthorized screen user from "confusion"?  
What exactly is meant by a "business ready" approach to user interfaces?

Peter

-Original Message-
From: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU] On Behalf 
Of Jesse 1 Robinson
Sent: Thursday, February 1, 2018 3:01 PM
To: IBM-MAIN@LISTSERV.UA.EDU
Subject: Re: zOSMF - remove plug-in

I'm a bystander on this issue at the moment, but I do have strong feelings 
about appearing to give the user an option that, when selected, gets 'not 
allowed'. If an option is not allowed, it should not be displayed. I realize 
that this complicates programming, but it's the 'business ready' approach to 
any user interface on any platform. 


--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

Re: zOSMF - remove plug-in

2018-02-01 Thread Farley, Peter x23353 
Isn't that just "security by obscurity"?  Or invisibility?  What business harm 
is there in revealing that a function exists as long as the security rules 
prevent unauthorized use?

Or is it just to keep the naive unauthorized screen user from "confusion"?  
What exactly is meant by a "business ready" approach to user interfaces?

Peter

-Original Message-
From: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU] On Behalf 
Of Jesse 1 Robinson
Sent: Thursday, February 1, 2018 3:01 PM
To: IBM-MAIN@LISTSERV.UA.EDU
Subject: Re: zOSMF - remove plug-in

I'm a bystander on this issue at the moment, but I do have strong feelings 
about appearing to give the user an option that, when selected, gets 'not 
allowed'. If an option is not allowed, it should not be displayed. I realize 
that this complicates programming, but it's the 'business ready' approach to 
any user interface on any platform. 

--


This message and any attachments are intended only for the use of the addressee 
and may contain information that is privileged and confidential. If the reader 
of the message is not the intended recipient or an authorized representative of 
the intended recipient, you are hereby notified that any dissemination of this 
communication is strictly prohibited. If you have received this communication 
in error, please notify us immediately by e-mail and delete the message and any 
attachments from your system.


--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

Re: zOSMF - remove plug-in

2018-02-01 Thread Jousma, David 
The way I understand it, the option in the left side bar does not show up, if 
you are not allowed to use it.  However, I have not proven that out.

_
Dave Jousma
Manager Mainframe Engineering, Assistant Vice President
david.jou...@53.com
1830 East Paris, Grand Rapids, MI  49546 MD RSCB2H
p 616.653.8429
f 616.653.2717


-Original Message-
From: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU] On Behalf 
Of Dyck, Lionel B. (TRA)
Sent: Thursday, February 01, 2018 3:24 PM
To: IBM-MAIN@LISTSERV.UA.EDU
Subject: Re: zOSMF - remove plug-in

**CAUTION EXTERNAL EMAIL**

**DO NOT open attachments or click on links from unknown senders or unexpected 
emails**

I second Skip's comments.

--
Lionel B. Dyck <
Mainframe Systems Programmer - TRA


-Original Message-
From: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU] On Behalf 
Of Jesse 1 Robinson
Sent: Thursday, February 01, 2018 2:01 PM
To: IBM-MAIN@LISTSERV.UA.EDU
Subject: [EXTERNAL] Re: zOSMF - remove plug-in

I'm a bystander on this issue at the moment, but I do have strong feelings 
about appearing to give the user an option that, when selected, gets 'not 
allowed'. If an option is not allowed, it should not be displayed. I realize 
that this complicates programming, but it's the 'business ready' approach to 
any user interface on any platform. 

.
.
J.O.Skip Robinson
Southern California Edison Company
Electric Dragon Team Paddler 
SHARE MVS Program Co-Manager
323-715-0595 Mobile
626-543-6132 Office ⇐=== NEW
robin...@sce.com


-Original Message-
From: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU] On Behalf 
Of John Eells
Sent: Thursday, February 01, 2018 7:27 AM
To: IBM-MAIN@LISTSERV.UA.EDU
Subject: (External):Re: zOSMF - remove plug-in

Jousma, David wrote:
> John,
>
> That would seem logical, but that’s not how it works.  Once added to the 
> list, removal does not remove it, sadly.   As someone else mentioned, the 
> only way to "remove" it, is to secure it in SAF.   The ability to uninstall a 
> plug-in has been discussed, I just don’t know where or if there are any 
> development efforts under way to provide it.
>

>
> Remove it from the list of enabled plug-ins in IZUPRMxx.  See PDF p. 48 in 
> the Configuration Guide, here:
> http://publibz.boulder.ibm.com/epubs/pdf/izu23215.pdf
>
> --
> John Eells
> IBM Poughkeepsie
> ee...@us.ibm.com


First, my apologies for the misinformation.  I just tried this and, as you say, 
it does not work.

Second, I will get this information added to the configuration guide, which 
appears silent on this particular issue.

Just out of curiosity, why would you want to remove one, as long as 
unauthorized people could not use it?

--
John Eells
IBM Poughkeepsie
ee...@us.ibm.com


--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
**CAUTION EXTERNAL EMAIL**

**DO NOT open attachments or click on links from unknown senders or unexpected 
emails**

This e-mail transmission contains information that is confidential and may be 
privileged.   It is intended only for the addressee(s) named above. If you 
receive this e-mail in error, please do not read, copy or disseminate it in any 
manner. If you are not the intended recipient, any disclosure, copying, 
distribution or use of the contents of this information is prohibited. Please 
reply to the message immediately by informing the sender that the message was 
misdirected. After replying, please erase it from your computer system. Your 
assistance in correcting this error is appreciated.


--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

Re: zOSMF - remove plug-in

2018-02-01 Thread Dyck, Lionel B. (TRA) 
I second Skip's comments.

--
Lionel B. Dyck <
Mainframe Systems Programmer - TRA


-Original Message-
From: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU] On Behalf 
Of Jesse 1 Robinson
Sent: Thursday, February 01, 2018 2:01 PM
To: IBM-MAIN@LISTSERV.UA.EDU
Subject: [EXTERNAL] Re: zOSMF - remove plug-in

I'm a bystander on this issue at the moment, but I do have strong feelings 
about appearing to give the user an option that, when selected, gets 'not 
allowed'. If an option is not allowed, it should not be displayed. I realize 
that this complicates programming, but it's the 'business ready' approach to 
any user interface on any platform. 

.
.
J.O.Skip Robinson
Southern California Edison Company
Electric Dragon Team Paddler 
SHARE MVS Program Co-Manager
323-715-0595 Mobile
626-543-6132 Office ⇐=== NEW
robin...@sce.com


-Original Message-
From: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU] On Behalf 
Of John Eells
Sent: Thursday, February 01, 2018 7:27 AM
To: IBM-MAIN@LISTSERV.UA.EDU
Subject: (External):Re: zOSMF - remove plug-in

Jousma, David wrote:
> John,
>
> That would seem logical, but that’s not how it works.  Once added to the 
> list, removal does not remove it, sadly.   As someone else mentioned, the 
> only way to "remove" it, is to secure it in SAF.   The ability to uninstall a 
> plug-in has been discussed, I just don’t know where or if there are any 
> development efforts under way to provide it.
>

>
> Remove it from the list of enabled plug-ins in IZUPRMxx.  See PDF p. 48 in 
> the Configuration Guide, here:
> http://publibz.boulder.ibm.com/epubs/pdf/izu23215.pdf
>
> --
> John Eells
> IBM Poughkeepsie
> ee...@us.ibm.com


First, my apologies for the misinformation.  I just tried this and, as you say, 
it does not work.

Second, I will get this information added to the configuration guide, which 
appears silent on this particular issue.

Just out of curiosity, why would you want to remove one, as long as 
unauthorized people could not use it?

--
John Eells
IBM Poughkeepsie
ee...@us.ibm.com


--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

Re: zOSMF - remove plug-in

2018-02-01 Thread Jesse 1 Robinson 
I'm a bystander on this issue at the moment, but I do have strong feelings 
about appearing to give the user an option that, when selected, gets 'not 
allowed'. If an option is not allowed, it should not be displayed. I realize 
that this complicates programming, but it's the 'business ready' approach to 
any user interface on any platform. 

.
.
J.O.Skip Robinson
Southern California Edison Company
Electric Dragon Team Paddler 
SHARE MVS Program Co-Manager
323-715-0595 Mobile
626-543-6132 Office ⇐=== NEW
robin...@sce.com


-Original Message-
From: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU] On Behalf 
Of John Eells
Sent: Thursday, February 01, 2018 7:27 AM
To: IBM-MAIN@LISTSERV.UA.EDU
Subject: (External):Re: zOSMF - remove plug-in

Jousma, David wrote:
> John,
>
> That would seem logical, but that’s not how it works.  Once added to the 
> list, removal does not remove it, sadly.   As someone else mentioned, the 
> only way to "remove" it, is to secure it in SAF.   The ability to uninstall a 
> plug-in has been discussed, I just don’t know where or if there are any 
> development efforts under way to provide it.
>

>
> Remove it from the list of enabled plug-ins in IZUPRMxx.  See PDF p. 48 in 
> the Configuration Guide, here:
> http://publibz.boulder.ibm.com/epubs/pdf/izu23215.pdf
>
> --
> John Eells
> IBM Poughkeepsie
> ee...@us.ibm.com


First, my apologies for the misinformation.  I just tried this and, as you say, 
it does not work.

Second, I will get this information added to the configuration guide, which 
appears silent on this particular issue.

Just out of curiosity, why would you want to remove one, as long as 
unauthorized people could not use it?

--
John Eells
IBM Poughkeepsie
ee...@us.ibm.com


--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

Re: zOSMF - remove plug-in

2018-02-01 Thread Jousma, David 
I suspect that in many shops, getting the security changes pushed through the 
channels is much more labor intensive than just uninstalling the parts you do 
not want.

Don’t get me wrong, I'm coming around on z/OSMF, but the considerable 
amount(understatement) of security work needed to implement is a daunting task. 
 I don’t know that we are still where things need to be.

We are also dealing with some of these same issues.  I've opened tickets with 
IBM asking questions, the stock answer was "we recommend one ZOSMF instance per 
sysplex".   While we do happen to have TECH, DEV and PROD in the same 
sysplex(pre-dates my employment), they are different JES MAS, so I have to run 
one instance per MAS.   So, for SYSPROG's, ZOSMF use is more of a toolbox 
thing, for non-sysprogs, it’s a "cloud" thing.   I want to make sysprog tools 
available in all instances, but the Workflows, etc that the general population 
might use, should be running the in "prod" instance, in my opinion.

The other "itch" I have is that there is no mechanism to "administer" the zosmf 
instances in one place, and push the changes around.   Today, we have to 
separately administer each instance (6) and is a repetitive exercise that I 
shouldn’t have to do.

I do participate in this workgroup at zBLC, and a lot of this is talked about 
there, so I know there could be future plans for a lot of this stuff.

_
Dave Jousma
Manager Mainframe Engineering, Assistant Vice President
david.jou...@53.com
1830 East Paris, Grand Rapids, MI  49546 MD RSCB2H
p 616.653.8429
f 616.653.2717


-Original Message-
From: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU] On Behalf 
Of John Eells
Sent: Thursday, February 01, 2018 10:27 AM
To: IBM-MAIN@LISTSERV.UA.EDU
Subject: Re: zOSMF - remove plug-in

**CAUTION EXTERNAL EMAIL**

**DO NOT open attachments or click on links from unknown senders or unexpected 
emails**

Jousma, David wrote:
> John,
>
> That would seem logical, but that’s not how it works.  Once added to the 
> list, removal does not remove it, sadly.   As someone else mentioned, the 
> only way to "remove" it, is to secure it in SAF.   The ability to uninstall a 
> plug-in has been discussed, I just don’t know where or if there are any 
> development efforts under way to provide it.
>

>
> Remove it from the list of enabled plug-ins in IZUPRMxx.  See PDF p. 48 in 
> the Configuration Guide, here:
> http://publibz.boulder.ibm.com/epubs/pdf/izu23215.pdf
>
> --
> John Eells
> IBM Poughkeepsie
> ee...@us.ibm.com


First, my apologies for the misinformation.  I just tried this and, as you say, 
it does not work.

Second, I will get this information added to the configuration guide, which 
appears silent on this particular issue.

Just out of curiosity, why would you want to remove one, as long as 
unauthorized people could not use it?

--
John Eells
IBM Poughkeepsie
ee...@us.ibm.com

--
For IBM-MAIN subscribe / signoff / archive access instructions, send email to 
lists...@listserv.ua.edu with the message: INFO IBM-MAIN **CAUTION EXTERNAL 
EMAIL**

**DO NOT open attachments or click on links from unknown senders or unexpected 
emails**

This e-mail transmission contains information that is confidential and may be 
privileged.   It is intended only for the addressee(s) named above. If you 
receive this e-mail in error, please do not read, copy or disseminate it in any 
manner. If you are not the intended recipient, any disclosure, copying, 
distribution or use of the contents of this information is prohibited. Please 
reply to the message immediately by informing the sender that the message was 
misdirected. After replying, please erase it from your computer system. Your 
assistance in correcting this error is appreciated.


--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

Re: zOSMF - remove plug-in

2018-02-01 Thread John Eells 

Jousma, David wrote:

John,

That would seem logical, but that’s not how it works.  Once added to the list, removal 
does not remove it, sadly.   As someone else mentioned, the only way to 
"remove" it, is to secure it in SAF.   The ability to uninstall a plug-in has 
been discussed, I just don’t know where or if there are any development efforts under way 
to provide it.





Remove it from the list of enabled plug-ins in IZUPRMxx.  See PDF p. 48 in the 
Configuration Guide, here:
http://publibz.boulder.ibm.com/epubs/pdf/izu23215.pdf

--
John Eells
IBM Poughkeepsie
ee...@us.ibm.com



First, my apologies for the misinformation.  I just tried this and, as 
you say, it does not work.


Second, I will get this information added to the configuration guide, 
which appears silent on this particular issue.


Just out of curiosity, why would you want to remove one, as long as 
unauthorized people could not use it?


--
John Eells
IBM Poughkeepsie
ee...@us.ibm.com

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

Re: zOSMF - remove plug-in

2018-02-01 Thread Marna WALLE 
Hi Dave,
This is an "understood" current situation today, which we know would be nice to 
fix.

Remember, if you are using an external application (technically not a plug-in), 
like SDSF, you can remove it dynamically.  SDSF has the doc to do that, as it's 
quite easy.

-Marna WALLE
z/OS Installation and Migration
IBM Poughkeepsie

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

Re: zOSMF - remove plug-in

2018-02-01 Thread Ronald Kristel 
I've made the same request several months ago in a PMR. They adviced the SAF 
option and asked to RFE it.
The reason why we wanted to do this, is because we have several z/OSMF 
instances running in the sysplex. Mainly to seperate internal use (Sysprog) and 
Workflow/Provisioning development. This separation was needed because of the 
SAF structure of admin/user and security groups.
We don't want plugins like the Incident Log/WLM to be used/visible by the 
Development z/OSMF. I (think) I accidently left those plugins in the IZUPRMxx 
while cloning a new z/OSMF instance.

Met vriendelijke groet,
Ronald Kristel

From: IBM Mainframe Discussion List <IBM-MAIN@LISTSERV.UA.EDU> on behalf of 
Kurt Quackenbush <ku...@us.ibm.com>
Sent: Thursday, February 1, 2018 2:43:29 PM
To: IBM-MAIN@LISTSERV.UA.EDU
Subject: Re: zOSMF - remove plug-in

On 1/31/2018 5:04 PM, R Dooley wrote:
> Seems this should be easy however I'm having difficulty locating doc for zOS 
> 2.2 and above regarding "how-to" remove a zOSMF plug-in once it has been 
> installed.  i.e. I no longer want it to appear as a link on the z/OSMF 
> landing page.

If you don't mind my asking, which plug-in are you trying to remove, and
why?

Kurt Quackenbush -- IBM, SMP/E Development

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

Re: zOSMF - remove plug-in

2018-02-01 Thread Kurt Quackenbush 

On 1/31/2018 5:04 PM, R Dooley wrote:

Seems this should be easy however I'm having difficulty locating doc for zOS 2.2 and 
above regarding "how-to" remove a zOSMF plug-in once it has been installed.  
i.e. I no longer want it to appear as a link on the z/OSMF landing page.


If you don't mind my asking, which plug-in are you trying to remove, and 
why?


Kurt Quackenbush -- IBM, SMP/E Development

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

Re: zOSMF - remove plug-in

2018-02-01 Thread Jousma, David 
John,

That would seem logical, but that’s not how it works.  Once added to the list, 
removal does not remove it, sadly.   As someone else mentioned, the only way to 
"remove" it, is to secure it in SAF.   The ability to uninstall a plug-in has 
been discussed, I just don’t know where or if there are any development efforts 
under way to provide it.

_
Dave Jousma
Manager Mainframe Engineering, Assistant Vice President
david.jou...@53.com
1830 East Paris, Grand Rapids, MI  49546 MD RSCB2H
p 616.653.8429
f 616.653.2717

-Original Message-
From: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU] On Behalf 
Of John Eells
Sent: Thursday, February 01, 2018 6:46 AM
To: IBM-MAIN@LISTSERV.UA.EDU
Subject: Re: zOSMF - remove plug-in

**CAUTION EXTERNAL EMAIL**

**DO NOT open attachments or click on links from unknown senders or unexpected 
emails**

R Dooley wrote:
> Hello,
> Seems this should be easy however I'm having difficulty locating doc for zOS 
> 2.2 and above regarding "how-to" remove a zOSMF plug-in once it has been 
> installed.  i.e. I no longer want it to appear as a link on the z/OSMF 
> landing page.

Remove it from the list of enabled plug-ins in IZUPRMxx.  See PDF p. 48 in the 
Configuration Guide, here: 
http://publibz.boulder.ibm.com/epubs/pdf/izu23215.pdf

--
John Eells
IBM Poughkeepsie
ee...@us.ibm.com

--
For IBM-MAIN subscribe / signoff / archive access instructions, send email to 
lists...@listserv.ua.edu with the message: INFO IBM-MAIN **CAUTION EXTERNAL 
EMAIL**

**DO NOT open attachments or click on links from unknown senders or unexpected 
emails**

This e-mail transmission contains information that is confidential and may be 
privileged.   It is intended only for the addressee(s) named above. If you 
receive this e-mail in error, please do not read, copy or disseminate it in any 
manner. If you are not the intended recipient, any disclosure, copying, 
distribution or use of the contents of this information is prohibited. Please 
reply to the message immediately by informing the sender that the message was 
misdirected. After replying, please erase it from your computer system. Your 
assistance in correcting this error is appreciated.


--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

Re: zOSMF - remove plug-in

2018-02-01 Thread John Eells 

R Dooley wrote:

Hello,
Seems this should be easy however I'm having difficulty locating doc for zOS 2.2 and 
above regarding "how-to" remove a zOSMF plug-in once it has been installed.  
i.e. I no longer want it to appear as a link on the z/OSMF landing page.


Remove it from the list of enabled plug-ins in IZUPRMxx.  See PDF p. 48 
in the Configuration Guide, here: 
http://publibz.boulder.ibm.com/epubs/pdf/izu23215.pdf


--
John Eells
IBM Poughkeepsie
ee...@us.ibm.com

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

Re: zOSMF - remove plug-in

2018-01-31 Thread Ronald Kristel 
AFAIK it is not possible under z/OS 2.2. I am not sure in 2.3.  You can however 
limit access users/groups to the plugin by using SAF. Specify no access to the 
specific plugin option in the ZMFAPLA class.

Met vriendelijke groet,
Ronald Kristel

From: IBM Mainframe Discussion List  on behalf of R 
Dooley 
Sent: Wednesday, January 31, 2018 11:05:19 PM
To: IBM-MAIN@LISTSERV.UA.EDU
Subject: zOSMF - remove plug-in

Hello,
Seems this should be easy however I'm having difficulty locating doc for zOS 
2.2 and above regarding "how-to" remove a zOSMF plug-in once it has been 
installed.  i.e. I no longer want it to appear as a link on the z/OSMF landing 
page.

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN