Skip to Content

[IT Auditor]

Printer-friendly version

Secure CMN/ZMF panel commands via entity checks

There are some ChangeMan ZMF functions in ChangeMan ZMF's ISPF dialog that are typically NOT allowed to be used by just any developer, e.g. because they may impact the integrity of  ChangeMan ZMF managed projects. Some examples are:

  • Revert a package back to development when the approval process has not been started (= not even 1 approval has been given), because in that case revert is allowed by anybody with application update access (and the CMNxREVR / CMNREVRT entity is not checked!).
  • Setting certain user options to some special value (e.g. some Y/N flag to skip some validation in the staging job).
  • A scratch request is commonly considered as a dangerous ChangeMan ZMF feature, because of the known  ChangeMan ZMF issues related to using scratch request, e.g.:  ChangeMan ZMF audit does not include any validations related to scratch requests.
  • A selective unfreeze (followed by edit-in-stage and re-freeze) of components in a successfully audited and frozen package, which may introduce inconsistencies for which no built-in controls exist in ChangeMan ZMF to prevent them.
  • ...

Just a complete disable of a function like 'unfreeze' (or utility request 'rename') might be an option in certain cases, which is typically done by just remove it from the ISPF panels. But how can you implement something to restrict access to such functions (without removing them entirely)?

READ MORE

ASR Runtime Environment for Z-Reports

Creating new ChangeMan ZMF reports, and or customizing any of the reports delivered with ChangeMan ZMF has always been a challenge. Mostly because it requires expertise in the REXX programming language and you need to have 'some' experience in using ChangeMan ZMF's (green) XML services. On top of that, ChangeMan ZMF does not come with any out-of-the-box charts (only reports).

Therefor, in most ChangeMan ZMF implementations, all such reporting (and charting) requests from any type of , gets routed to the (usually overbooked) ChangeMan ZMF administrators who might either not have the required REXX and/or XML experience, or don't really like to do such reporting work. Not to forget the effort that may be required when upgrading to a new ChangeMan ZMF release ...

READ MORE

Z-Apps On Demand

AbitMORE SCM Commander - mascotteAbout

Z-Apps On Demand is about creating a customized version of any of the Z-Apps, so that it perfectly fits the requirements. Developing (on demand) a brand new set of components that fit into the Z-Apps category (and where they will be added to also) is a variation of it.

READ MORE

Using ChangeMan ZMF - Getting started

Introduction to functions and uses of ChangeMan ZMF, which is the foundation (and pre-req) for additional ChangeMan ZMF training classes, to provide general knowledge about major ChangeMan ZMF func

READ MORE
Z-Course
Topics: 
  • General concepts and facilities, including:
    • ChangeMan ZMF's Change Packages.
    • The ChangeMan ZMF Lifecycle.
    • The ChangeMan ZMF Library Structure.
    • The ChangeMan ZMF Architecture.
  • ChangeMan ZMF terminology.
  • Navigating the various ISPF panels in ChangeMan ZMF (Primary menu options and Build menu options).
Audience: 
Duration (hours): 
8.00

ChangeMan ZMF Application Administration - Getting started

This is an in-depth introduction to ChangeMan ZMF's application administration functions, which is also the foundation (and pre-req) for ChangeMan ZMF's global administration training classes.

READ MORE
Z-Course
Topics: 
  • Configuring a ChangeMan ZMF Application:
    • The ChangeMan ZMF Lifecycle (application parms).
    • The ChangeMan ZMF Library Structure:
      • Library types and baseline libraries.
      • Local and/or remote promotion or production sites.
      • Promotion and/or production libraries.
    • The ChangeMan ZMF Security Architecture.
      • Package approvals configuration.
      • Promotion authorizations configuration.
    • The ChangeMan ZMF Programming Languages and Compile Procedures.
    • Configuring logical DB2 subsystems.
  • Navigating the various ISPF panels in ChangeMan ZMF related to application administration.
Audience: 
  • ChangeMan ZMF Administrators involved in the customization, installation, configuration or optimization of ChangeMan ZMF.
  • ChangeMan ZMF Helpdesk operators assuming they are authorized / responsible also for performing application administration also.
  • Release managers who want to learn about how ChangeMan ZMF can help them implementing (and enforcing) their release management procedures.
  • IT Auditors who want to increase their understanding of ChangeMan ZMF's functions and processes.
  • Users such as Operations control, project leaders, development managers, .... interested in learning more about ChangeMan ZMF and its key concepts.
Duration (hours): 
8.00

ChangeMan ZMF Global Administration - Getting started

This is an in-depth introduction to ChangeMan ZMF's global administration functions.

Z-Course
Topics: 
  • Configuring ChangeMan ZMF subsystems:
    • The ChangeMan ZMF Lifecycle (global parms).
    • The ChangeMan ZMF Library Structure:
      • Library types.
      • Local and/or remote promotion or production sites.
    • The ChangeMan ZMF Security Architecture.
      • Global and application administration authorizations configuration.
      • Revert, backout and monitor authorizations configuration
    • The ChangeMan ZMF Programming Languages and Compile Procedures.
    • Configuring DB2 subsystems.
  • Navigating the various ISPF panels in ChangeMan ZMF related to global administration.
Audience: 
Duration (hours): 
8.00

Using the STUB panel in CMN/ZMF

Document the usages of ChangeMan ZMF's STUB panel, which will be shown it you type primary command S on ChangeMan ZMF's primary option menu (and you've been authorized to use it).

READ MORE

Missing package activity dates (invalid restarts)

Package activity dates are dates that are stored in ChangeMan ZMF's meta data (CMNPMAST), and which relate to events such as:

  • When did this package enter the status FRZ, DIS, INS, BAS, etc.
  • When did some target production site confirm that the package was distributed to that site, or installed in that site.

READ MORE

Speed up package aging via a CMN/ZMF archive subsystem

The package aging parm is a number of days (set in global admin) that a package should be in BAS status (installed in production) before the meta data of that package (VSAM records stored in CMNPMAST) are allowed to be removed during ChangeMan ZMF housekeeping. The higher this number of days, the more people like IT auditors will like it (they are often the ones who are asking for such high number of days). While many countries have laws that force such data to be kept for (e.g.) 7 years, or even more ...

READ MORE

Packages that remain in DEV for years / forever

Each change package is assumed to be installed in production (and change its status to INS/BAS) some day. The date entered during package creation is the actual planned install date. But with package update (U7) you can change it again, typically to shift the date to some other (later) date. The idea of that is that it allows you to change your initially planned date (during package create) to somewhere later on. Because while the package content is being developed, it turns out that the date that was originally scheduled is too early. So far no problem ...

READ MORE
Syndicate content