Note: To activate the IOA to XBM interface, XBM must be active and at least one of the following parameters must be set to Y: ZIIPXBMO, ZIIPXBMP, or ZIIPXBMA.
A RACF call is made by XBM on the initial request to determine if a user is authorized to perform the requested function. The following RACF profile is used:
BMCXBM.<XBM_SSID>.ZIIP
If this profile is not defined, permission will be granted. More detailed information can be found in the XBM documentation.
Step 3.1 IOA Security Definitions (Optional)
IOA security definition samples are found in the IOASRAC2 member of the IOA INSTWORK library. This member is created in the IOA INSTWORK library after selecting this step.
RDEFINE FACILITY $$IOAEDM.qname UACC(NONE)
Force USERA to work in the Extended Definition mode by using the following command:
PERMIT $$IOAEDM.qname ID(USERA) CLASS(FACILITY) ACCESS(READ)
Users who have read authority to this entity will work in the Extended Definition mode. Users who are not authorized to access this entity work in the Basic Definition mode.
SETROPTS LIST
SETROPTS CLASSACT(SURROGAT)
Step 3.2 Function Security Definitions (Optional)
The IOASRAC3 job in the IOA INSTWORK library is optional. It contains some definition samples for various entities. Customize this job according to your requirements and submit the job.
Define entities and user authorizations.
For information about defining IOA entities and user authorizations, see Basic Definition Security Calls and Extended Definition Security Calls.
Examples
RDEFINE FACILITY $$IOAONLINE.qname
where qname is used to assign different authorizations to different IOA environments (such as Test and Production). This parameter is specified during IOA installation.
RDEFINE FACILITY $$IOARES.qname.SYS*
PERMIT $$IOARES.qname.SYS* CLASS(FACILITY) ID(USERA) ACCESS(READ)
PERMIT $$IOAnnn.qname CLASS(FACILITY) ID(USERA) ACCESS(READ)
All entity names for each IOA protected element appear in Basic Definition Security Calls (for Basic Definition mode) and in Extended Definition Security Calls (for Extended Definition mode).
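A pre-submission check for a customized IOASRAC2 or IOASRAC3 job, added here as an example and not part of the BMC samples: it flags RDEFINE commands that do not state UACC(NONE) explicitly (as the $$IOAEDM sample above does), PERMIT commands whose profile is not defined in the same job, and profiles where the qname placeholder was never replaced. The qualifier PROD, the user USERB and the entity $$IOA045 are constructed values, and only the full command names RDEFINE and PERMIT are recognized.

```python
import re
# Constructed sample in the style of the commands on this page; the qualifier
# PROD, user USERB and entity $$IOA045 are assumptions, not product values.
SAMPLE = """\
RDEFINE FACILITY $$IOAEDM.PROD UACC(NONE)
PERMIT $$IOAEDM.PROD ID(USERA) CLASS(FACILITY) ACCESS(READ)
RDEFINE FACILITY $$IOAONLINE.PROD
RDEFINE FACILITY $$IOARES.qname.SYS* UACC(NONE)
PERMIT $$IOARES.qname.SYS* CLASS(FACILITY) -
       ID(USERA) ACCESS(READ)
PERMIT $$IOA045.PROD CLASS(FACILITY) ID(USERB) ACCESS(READ)
"""

def keyword(cmd, name):
    """Return the operand of NAME(...) in a command, or None if absent."""
    m = re.search(rf"\b{name}\(([^)]*)\)", cmd, re.I)
    return m.group(1).upper() if m else None

def join_continuations(text):
    """Merge lines ending in the TSO continuation characters '-' or '+'."""
    out, buf = [], ""
    for line in text.splitlines():
        line = line.strip()
        if line.endswith(("-", "+")):
            buf += line[:-1].rstrip() + " "
        elif buf or line:
            out.append(buf + line)
            buf = ""
    return out

def audit(text):
    """Return (command_number, profile, finding) tuples for manual review."""
    findings = []
    cmds = [c.split() for c in join_continuations(text) if c.strip()]
    defined = {(c[1].upper(), c[2]) for c in cmds if c[0].upper() == "RDEFINE" and len(c) >= 3}
    for n, c in enumerate(cmds, 1):
        verb, line = c[0].upper(), " ".join(c)
        if verb not in ("RDEFINE", "PERMIT") or len(c) < 3:
            continue                      # other commands are not checked
        profile = c[2] if verb == "RDEFINE" else c[1]
        if verb == "RDEFINE" and keyword(line, "UACC") != "NONE":
            findings.append((n, profile, "no explicit UACC(NONE)"))
        if verb == "PERMIT" and (keyword(line, "CLASS"), profile) not in defined:
            findings.append((n, profile, "PERMIT without RDEFINE in this job"))
        if ".qname" in profile:
            findings.append((n, profile, "placeholder qname not replaced"))
    return findings

if __name__ == "__main__":
    print(*audit(SAMPLE), sep="\n")
```

A PERMIT flagged as lacking an RDEFINE may still be valid if the profile was defined by an earlier job; the finding only marks it for review.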
Step 3.3 Control Program Access to IOA Datasets (Optional)
The IOASRAC4 job in the IOA INSTWORK library contains a sample of the definitions required to define Program Pathing access authorizations to IOA datasets. Review the definitions and modify them according to the requirements of your site.
Note: Before submitting this job, BMC recommends that the security administrator read Limiting Access to Specific Programs and read about protecting entities through Program Pathing in the manual of your security product.