MainView products that run in a BBI-SS PAS
MainView AutoOPERATOR
MainView FOCAL POINT
MainView for CICS
MainView for DB2
MainView for DBCTL
- MainView for IMS Online
The subsystem name is part of the resource name and determines the BBI-SS PAS for which the resource is secured. You must specify the BBI-SS PAS and target when defining a resource to your ESM.
The resource naming convention for these products is:
prefix.ssid.product.target.suffix
The resource name qualifiers are as follows:
Qualifier | Description |
---|---|
prefix | The one- to eight-character prefix that is used for all resource name If you do not specify a prefix, the default prefix of BBM is added to all resource names automatically. |
ssid | The one- to four-character subsystem ID of the BBI-SS PAS for which the resource is to be secured The SSIDs are specified in BBPARM member BBIJNT00. You must include the SSID in the resource name. |
product | One of the following product abbreviations:
|
target | The one- to eight-character target name (as displayed in the right corner of a MainView full-screen panel) that specifies to which target the action is directed All valid target names are listed in BBPARM member BBIJNT00. You must include the target name in the resource name. |
suffix | A predefined suffix that represents the actual function the resource represents The remainder of this section lists the resource names, including the suffix for each resource. The suffix can consist of a BMC supplied portion and a user-specified portion. |
When creating permits, profiles, and rules to control access to resources, an explicit or generic value can be specified for any qualifier in the resource name by using the masking characters supported by the ESM.
If you plan to implement security for any of these products, the resources listed in the following table must be secured before you can implement security within each individual product. Use the information in the following figure to determine how securing a resource in one product might affect another product.
Not all resources are applicable to all products, so the third column in the following table lists which products use the resource.
Resources
To protect this resource | Description and resource name | Products affected |
---|---|---|
Accessing a common resources target | Accessing a specific target or targets Resource name: prefix.ssid.BBI.target.ACCESS Note: Securing this resource is a prerequisite to implementing security for any other resource in this table. Access to the BBI-SS PAS (or target) is always checked before access to a specific product resource is checked. | MainView AutoOPERATOR MainView FOCAL POINT MainView for CICS MainView for DB2 MainView for DBCTL MainView for IMS Online |
Issuing common control commands | Issuing common control commands (such as .RESET, .CANCEL, .STOP, .START) Resource name: prefix.ssid.BBI.target.BBICMD | MainView AutoOPERATOR MainView for CICS MainView for DB2 MainView for DBCTL MainView for IMS Online |
Writing messages to the common journal log | Resource name: prefix.ssid.BBI.target.JRNLMSG | MainView AutoOPERATOR MainView for CICS MainView for DB2 MainView for DBCTL MainView for IMS Online |
Resource checking during Application and Cycle Refresh | Remembering the verification of BBI-SS PAS resources for the life of an Application or Cycle Refresh session, until the refresh session is stopped Defining this resource can reduce overall CPU consumption during a refresh session. Normally, a security verification call is made for every invocation of an application during Application or Cycle Refresh. By defining the REFRESH resource and granting the PAS user ID READ access to it, authorization for the application will be remembered for the life of the refresh session. If security verification fails, the failed verification will also be remembered and the error message NOT AUTHORIZED will be issued each time the application panel is redisplayed. Resource name: prefix.ssid.BBI.target.REFRESH | MainView AutoOPERATOR MainView FOCAL POINT MainView for CICS MainView for DB2 MainView for DBCTL MainView for IMS Online |
Dynamic data set allocation of trace log data sets | Allowing the BBI-SS PAS to allocate trace log data sets dynamically for a user Denying access specifies that the BBI-SS PAS is not to allocate the trace log data sets. Trace logging can be requested only if trace log data sets are preallocated. If access is denied and a trace log data set does not exist, a request for trace logging will fail. Note: Only a DISPOSITION of OLD is accepted for trace log data set allocation if access is denied. Resource name: prefix.ssid.BBI.target.TRALLOC | MainView for CICS MainView for DB2 MainView for DBCTL MainView for IMS Online |
Modifying or purging all service requests, including those started by other users | Allowing the user to modify or purge service requests, including those made by other users (for example, purging a monitor or trace) You can use a number or pound sign (#) with this resource name:
Provides user access and changes authority (free, modify, purge, quiesce, reset, stop, switch) for all services, including those started by other users. Note: This resource is recommended for the system administrator. Resource name: prefix.ssid.BBI.target.PMACC# | MainView for CICS MainView for DB2 MainView for DBCTL MainView for IMS Online |
Accessing service classes A through Z | Accessing analyzer and monitor service classes If SERVLIST=RESTRICT is specified in BBPARM member BBIISP00, this parameter also restricts the services displayed on the analyzer and monitor service lists. The following values can be specified with this resource name:
Resource name: prefix.ssid.BBI.target.PMACCA prefix.ssid.BBI.target.PMACCB ... prefix.ssid.BBI.target.PMACCZ | MainView for CICS MainView for DB2 MainView for DBCTL MainView for IMS Online |
Starting a summary application trace | Starting a summary trace (accounting) Resource name: prefix.ssid.BBI.target.TRACE.S | MainView for CICS MainView for DB2 MainView for DBCTL MainView for IMS Online |
Starting a summary or detail application trace | Starting a summary trace plus detail trace with SQL events Resource name: prefix.ssid.BBI.target.TRACE.D | MainView for CICS MainView for DB2 MainView for DBCTL MainView for IMS Online |
Starting a summary or detail application trace (with all events for MainView for DB2) | Starting a detail trace plus scans, I/Os, locks, and DDF detail event tracing Note: TRACE.ALL supersedes TRACE.S or TRACE.D. Resource name: prefix.ssid.BBI.target.TRACE.ALL | MainView for CICS MainView for DB2 MainView for IMS Online |
Starting a IBM Db2 application trace for the total workload (DB2AUTH = +) | Resource name: prefix.ssid.DMR.target.DB2TRACE.GENERIC | MainView for DB2 |
Issuing Db2 commands in MainView for DB2 | Resource name: prefix.ssid.DMR.target.DB2CMD | MainView for DB2 |
Displaying SQL text when the ID of the event being traced matches the user ID | Displaying SQL text with the DUSER service and the pop-up display for the BIND-TXT entry in the DTRAC service A message is produced in place of the SQL text to inform the user that the text display was suppressed by user authorization. Granting access to this resource allows you to display only SQL text if the authorization ID of the event being traced matches the user ID connected to MainView for DB2. Resource name: prefix.ssid.DMR.target.DB2SQLAU | MainView for DB2 |
Displaying all SQL text | Resource name: prefix.ssid.DMR.target.DB2SQLAL | MainView for DB2 |
Issuing IBM MVS commands | Issuing MVS commands (such as VARY, START, STOP, CANCEL) Resource name: prefix.ssid.AAO.target.MVSCMD | MainView AutoOPERATOR |
Displaying the MainView AutoOPERATOR Rules Processor application | Accessing and displaying Rules within the Rules Processor Users with display-only access cannot perform any actions that would affect automation. Resource name: prefix.ssid.AAO.target.RULEREAD | MainView AutoOPERATOR |
Updating the MainView AutoOPERATOR Rules Processor application | Updating and creating new Rules in the Rules Processor application Users with update access can take actions that effect automation, enable or disable Rule Sets, move Rules within a Rule Set, change Rule Set search strategy, and so on. Resource name: prefix.ssid.AAO.target.RULEUPD | MainView AutoOPERATOR |
Invoking IBM CICS transactions from a MainView AutoOPERATOR terminal session | Resource name: prefix.ssid.AAO.target.CICSTRAN | MainView AutoOPERATOR |
EXECs (FEATURE=EXEC) MainView AutoOPERATOR EXECs | Scheduling or testing MainView AutoOPERATOR EXECs You might want to grant authority for users to have EXEC access on a test system but not on a production system. Resource name: prefix.ssid.AAO.target.EXEC | MainView AutoOPERATOR |
Displaying MainView AutoOPERATOR parameter data in the Dynamic Parameter Manager | Resource name: prefix.ssid.AAO.target.PARMREAD | MainView AutoOPERATOR |
Updating MainView AutoOPERATOR parameter data in the Dynamic Parameter Manager | Resource name: prefix.ssid.AAO.target.PARMUPD | MainView AutoOPERATOR |
Invoking IBM IMS transactions from a MainView AutoOPERATOR terminal session | Resource name: prefix.ssid.AAO.target.IMSTRAN | MainView AutoOPERATOR |
Invoking IMS and IMSplex commands from a MainView AutoOPERATOR terminal session | Resource name: prefix.ssid.AAO.target.IMSCMD | MainView AutoOPERATOR |
Sending messages to the IMS terminal | Resource name: prefix.ssid.AAO.target.IMSMSG | MainView AutoOPERATOR |
Displaying MainView AutoOPERATOR parameter data in the TapeSHARE for MainView AutoOPERATOR Application | Resource name: prefix.ssid.AAO.target.APPL.TAPSREAD | MainView AutoOPERATOR |
Updating MainView AutoOPERATOR parameter data in the TapeSHARE for MainView AutoOPERATOR application | Resource name: prefix.ssid.AAO.target.APPL.TAPSUPD | MainView AutoOPERATOR |
Issuing AOAnywhere API commands to MainView AutoOPERATOR | Issuing the following AOAnywhere API commands to MainView AutoOPERATOR: AOEXEC VDEL AOEXEC VGET AOEXEC ALERT FUNCTION(ADD) AOEXEC ALERT FUNCTION(READQ) AOEXEC BIM (PTF BQO3498 applied) AOEXEC CMD AOEXEC MSG AOEXEC NOTIFY AOEXEC WTO AOEXEC SELECT | MainView AutoOPERATOR Note: AOEXEC SELECT and AOEXEC AOSUBX are protected by the same resource that controls which terminal session users can schedule EXECs. For more information, see EXECs (FEATURE=EXEC) . |
Invoking MainView SYSPROG Services from a MainView AutoOPERATOR terminal session | Resource name: prefix.ssid.AAO.target.RESAUTH Note: For additional information about securing SYSPROG Services from MainView AutoOPERATOR, refer to EXECs (FEATURE=EXEC) . | SYSPROG Services from MainView AutoOPERATOR |
Scheduling a WTO to occur in the MainView AutoOPERATOR PAS | To possibly grant authority for BMC Impact Integration for z/OS cell users to have WTO access on a test system but not on a production system Resource name: prefix.ssid.BIIZ.target.WTO | MainView AutoOPERATOR |
Comments
Log in or register to comment.