Skip to Content
Information
Limited support BMC provides limited support for this version of the product. As a result, BMC no longer accepts comments in this space. If you encounter problems with the product version or the space, contact BMC Support.BMC recommends upgrading to the latest version of the product. To see documentation for that version, see BMC AMI Ops Infrastructure 7.1 .

BMC AMI Ops Automation advanced security

Before you can implement advanced security for 

BMC AMI Ops Automation

, you must implement standard full-screen security by:

Implementing BMC AMI OpsA advanced security is an optional, additional step. In some cases, advanced security resources are checked in addition to standard BMC AMI OpsA resources. In other cases, the advanced security feature overrides the standard security. The following table describes the BMC AMI OpsA advanced security features.

Each of these advanced security features can be implemented independently of each other, or in any combination. For example, you can choose to secure applications and EXECs by EXEC name, but not to secure any of the other features.

Error
Warning

Security implemented at this level might override security that you implemented for resources that are listed in Resources. For example, you might deny access to a user to issue MVS commands (with the prefix.ssid.AAO. target.MVSCMD resource). However, if you grant access to this user for a specific MVS command (such as prefix.ssid.AAO target.MVSCMD.DISPLAY.ALL), this access will be allowed.


Feature name

Description

ALRTEXEC

Activates security checking for Alert Follow-up EXECs

This feature activates the security checking for the user’s authority to schedule Alert Follow-up EXECs.

When both the ALRTEXEC feature and the EXEC feature are in use, the security resource is secured based upon the EXEC name. When activating ALRTEXEC without the EXEC feature, security is only checked to see if the user can run any EXEC at all.

For example:

  • FEATURE=(ALRTEXEC) checks resource prefix.ssid.AAO.target.EXEC
  • FEATURE=(ALRTEXEC,EXEC) checks resource prefix.ssid.AAO.target.EXEC. execname

APPL

Applies to BMC AMI OpsA applications

This feature secures who can access BMC AMI OpsA applications within a terminal session, such as:

  • BMC AMI OpsA Basic Automation applications (the Rules Processor application, the ALERTs applications, the CSM application, and so on)
  • BMC AMI OpsA Advanced Automation applications (the OSPI application, EXEC Testing Facility, the Shared Object Facility, and so on)
  • BMC AMI Ops Automation for z/OS option applications
  • BMC AMI Ops Automation for IMS option applications
  • BMC AMI Ops Automation for CICS option applications
  • BMC AMI Ops Automation Access NV option applications

For more information about application security, refer to Applications-FEATURE-APPL.

CMD

Applies to commands that you can issue from a BMC AMI OpsA terminal session.

This feature allows you to secure:

  • IMS transactions by transaction name
  • IMS and IMSplex commands by command and parameter
  • CICS transactions by command, keyword, and parameter
  • MVS commands by command and parameter

Note: Security checking is limited to eight characters each for commands, keywords, and parameters.

For more information about command security, refer to Commands-and-transactions-FEATURE-CMD.

ALRT

Allows you to secure which users can delete specific ALERTs or ALERT queues by ALERT queue name.

For more information about ALERT security, refer to ALERTs-FEATURE-ALRT.

EXEC

Allows you to secure which terminal session users can schedule EXECs by EXEC name.

You can explicitly grant authority to certain users to be able to (or not be able to) schedule specific EXECs.

For more information about EXEC security, refer to EXECs-FEATURE-EXEC.

PARM

Allows you to secure who has read-only access or update access to members in the Dynamic Parameter Manager application.

For more information about parameter security, refer to Parameter-data-FEATURE-PARM.

IMSGEN

Applies to IMS generic commands that you can issue from a BMC AMI OpsA terminal session.

This feature allows you to secure the individual IMS resource names when issuing IMS generic commands. FEATURE=CMD must be also specified.

Note:

  • Security checking is limited to eight characters each for commands, keywords, and parameters.
  • This feature does not apply to IMSplex (Type-2) commands or IMS generic commands prefixed with an at sign (@) for IBM substitution.
  • The user-security exit will not be invoked against the individual resource names.

For more information about IMSGEN security, refer to IMS-Generic-Commands-FEATURE-IMSGEN.


Related topic

Additional-resources-for-BMC-AMI-Ops-Automation


 

Tip: For faster searching, add an asterisk to the end of your partial query. Example: cert*

BMC AMI Ops Infrastructure 7.0