Implementing security for IRMICMD

To implement security for IRMICMD, the security administrator identifies resources within the FACILITY class (this class is predefined in SAF) and specifies the user IDs that have authority to use those resources.

The valid resource (entity) names for IRMICMD are listed in the following table. These resource names control whether users are authorized to use IRMICMD to issue the corresponding IMS command. Resource names can also control whether a command can be issued on a specified IMS system or for a specified sharegroup.

IRMICMD first checks for a SAF resource rule containing an IMS ID or SHAREGROUP name that matches the IMS ID or SHAREGROUP name in the IRMICMD control statement:

  • If a rule contains the optional imsid parameter (imsid is the one- to four-character IMS ID), the rule applies to the specified IMS system; if the command is GLOBAL, the rule also applies to all other IMS systems in the sharegroup.

  • If a rule contains the optional sharegroup parameter (sharegroup is the one- to four-character SHAREGROUP name), the rule applies to all IMS systems in the specified sharegroup; the command is GLOBAL by default.

  • If a rule does not contain the imsid parameter or the sharegroup parameter, IRMICMD checks for a rule containing a command that matches the IRMICMD command. If a rule contains the command, the access rules in that SAF rule apply to all IMS systems. Therefore, if access is denied, it is denied for all IMS systems; if access is allowed, it is allowed for all IMS systems.

SAF resources for RMGR IMS Command (IRMICMD) utility

Resource name             IMS command  Command description
------------------------  -----------  -------------------
BBM.IRM.CHE               /CHE         Take a simple checkpoint on any IMS system
BBM.IRM.CHE.imsid         /CHE         Take a simple checkpoint on the specified IMS system
BBM.IRM.CHE.sharegroup    /CHE         Take a simple checkpoint on all IMS systems in the specified sharegroup
BBM.IRM.DBD               /DBD         Dump a database on any IMS system
BBM.IRM.DBD.imsid         /DBD         Dump a database on the specified IMS system
BBM.IRM.DBD.sharegroup    /DBD         Dump a database on all IMS systems in the specified sharegroup
BBM.IRM.DBR               /DBR         Recover a database or area on any IMS system
BBM.IRM.DBR.imsid         /DBR         Recover a database or area on the specified IMS system
BBM.IRM.DBR.sharegroup    /DBR         Recover a database or area on all IMS systems in the specified sharegroup
BBM.IRM.STADB             /STA         Start a database or area on any IMS system
BBM.IRM.STADB.imsid       /STA         Start a database or area on the specified IMS system
BBM.IRM.STADB.sharegroup  /STA         Start a database or area on all IMS systems in the specified sharegroup
BBM.IRM.STODB             /STO         Stop a database or area on any IMS system
BBM.IRM.STODB.imsid       /STO         Stop a database or area on the specified IMS system
BBM.IRM.STODB.sharegroup  /STO         Stop a database or area on all IMS systems in the specified sharegroup
BBM.IRM.SWI               /SWI         Switch the active log data set to the next OLDS and then take a simple checkpoint on any IMS system
BBM.IRM.SWI.imsid         /SWI         Switch the active log data set to the next OLDS and then take a simple checkpoint on the specified IMS system
BBM.IRM.SWI.sharegroup    /SWI         Switch the active log data set to the next OLDS and then take a simple checkpoint on all IMS systems in the specified sharegroup

The following figure shows sample RACF control statements to define IRMICMD resources that apply to any IMS system.

RACF resource definitions for IRMICMD that apply to any IMS system

RDEFINE FACILITY BBM.IRM.CHE UACC(NONE)
RDEFINE FACILITY BBM.IRM.DBD UACC(NONE)
RDEFINE FACILITY BBM.IRM.DBR UACC(NONE)
RDEFINE FACILITY BBM.IRM.STADB UACC(NONE)
RDEFINE FACILITY BBM.IRM.STODB UACC(NONE)
RDEFINE FACILITY BBM.IRM.SWI UACC(NONE)
PERMIT BBM.IRM.CHE CLASS(FACILITY) ID(USER01)   ACCESS(READ)
PERMIT BBM.IRM.DBD CLASS(FACILITY) ID(DBAGRP)   ACCESS(READ)
PERMIT BBM.IRM.DBR CLASS(FACILITY) ID(DBAGRP)   ACCESS(READ)
PERMIT BBM.IRM.STADB CLASS(FACILITY) ID(DBAGRP) ACCESS(READ)
PERMIT BBM.IRM.STODB CLASS(FACILITY) ID(DBAGRP) ACCESS(READ)
PERMIT BBM.IRM.SWI CLASS(FACILITY) ID(DBAGRP)   ACCESS(READ)
SETROPTS CLASSACT(FACILITY)
SETROPTS RACLIST(FACILITY) REFRESH
RLIST FACILITY BBM.IRM.CHE     AUTHUSER
RLIST FACILITY BBM.IRM.DBD     AUTHUSER
RLIST FACILITY BBM.IRM.DBR     AUTHUSER
RLIST FACILITY BBM.IRM.STADB   AUTHUSER
RLIST FACILITY BBM.IRM.STODB   AUTHUSER
RLIST FACILITY BBM.IRM.SWI     AUTHUSER

The following figure shows sample RACF control statements to define IRMICMD resources and restrict their use to a specified IMS system (IMSP).

RACF resource definitions for IRMICMD that apply to a specified IMS system

RDEFINE FACILITY BBM.IRM.CHE.IMSP UACC(NONE)
RDEFINE FACILITY BBM.IRM.DBD.IMSP UACC(NONE)
RDEFINE FACILITY BBM.IRM.DBR.IMSP UACC(NONE)
RDEFINE FACILITY BBM.IRM.STADB.IMSP UACC(NONE)
RDEFINE FACILITY BBM.IRM.STODB.IMSP UACC(NONE)
RDEFINE FACILITY BBM.IRM.SWI.IMSP UACC(NONE)
PERMIT BBM.IRM.CHE.IMSP CLASS(FACILITY) ID(USER02)   ACCESS(READ)
PERMIT BBM.IRM.DBD.IMSP CLASS(FACILITY) ID(USER02)   ACCESS(READ)
PERMIT BBM.IRM.DBR.IMSP CLASS(FACILITY) ID(USER02)   ACCESS(READ)
PERMIT BBM.IRM.STADB.IMSP CLASS(FACILITY) ID(USER02) ACCESS(READ)
PERMIT BBM.IRM.STODB.IMSP CLASS(FACILITY) ID(USER02) ACCESS(READ)
PERMIT BBM.IRM.SWI.IMSP CLASS(FACILITY) ID(USER02)   ACCESS(READ)
SETROPTS CLASSACT(FACILITY)
SETROPTS RACLIST(FACILITY) REFRESH
RLIST FACILITY BBM.IRM.CHE.IMSP     AUTHUSER
RLIST FACILITY BBM.IRM.DBD.IMSP     AUTHUSER
RLIST FACILITY BBM.IRM.DBR.IMSP     AUTHUSER
RLIST FACILITY BBM.IRM.STADB.IMSP   AUTHUSER
RLIST FACILITY BBM.IRM.STODB.IMSP   AUTHUSER
RLIST FACILITY BBM.IRM.SWI.IMSP     AUTHUSER

The following figure shows sample RACF control statements to define IRMICMD resources that apply to a specified sharegroup (SHRP).

RACF resource definitions for IRMICMD that apply to a specified sharegroup

RDEFINE FACILITY BBM.IRM.CHE.SHRP UACC(NONE)
RDEFINE FACILITY BBM.IRM.DBD.SHRP UACC(NONE)
RDEFINE FACILITY BBM.IRM.DBR.SHRP UACC(NONE)
RDEFINE FACILITY BBM.IRM.STADB.SHRP UACC(NONE)
RDEFINE FACILITY BBM.IRM.STODB.SHRP UACC(NONE)
RDEFINE FACILITY BBM.IRM.SWI.SHRP UACC(NONE)
PERMIT BBM.IRM.CHE.SHRP CLASS(FACILITY) ID(DBAGRP)   ACCESS(READ)
PERMIT BBM.IRM.DBD.SHRP CLASS(FACILITY) ID(DBAGRP)   ACCESS(READ)
PERMIT BBM.IRM.DBR.SHRP CLASS(FACILITY) ID(DBAGRP)   ACCESS(READ)
PERMIT BBM.IRM.STADB.SHRP CLASS(FACILITY) ID(DBAGRP) ACCESS(READ)
PERMIT BBM.IRM.STODB.SHRP CLASS(FACILITY) ID(DBAGRP) ACCESS(READ)
PERMIT BBM.IRM.SWI.SHRP CLASS(FACILITY) ID(DBAGRP)   ACCESS(READ)
SETROPTS CLASSACT(FACILITY)
SETROPTS RACLIST(FACILITY) REFRESH
RLIST FACILITY BBM.IRM.CHE.SHRP     AUTHUSER
RLIST FACILITY BBM.IRM.DBD.SHRP     AUTHUSER
RLIST FACILITY BBM.IRM.DBR.SHRP     AUTHUSER
RLIST FACILITY BBM.IRM.STADB.SHRP   AUTHUSER
RLIST FACILITY BBM.IRM.STODB.SHRP   AUTHUSER
RLIST FACILITY BBM.IRM.SWI.SHRP     AUTHUSER
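
The lookup order described earlier on this page (a rule qualified by IMS ID or SHAREGROUP name first, then the unqualified command rule) can be modeled offline to review a set of definitions before they are entered. The following Python sketch is an added example, not BMC or IBM code. It assumes that the first matching rule decides the outcome, ignores group connections and generic profiles, and uses IMSQ as a constructed IMS ID.

```python
import re

RDEFINE_RE = re.compile(r"RDEFINE\s+FACILITY\s+(\S+)\s+UACC\((\w+)\)")
PERMIT_RE = re.compile(
    r"PERMIT\s+(\S+)\s+CLASS\(FACILITY\)\s+ID\((\w+)\)\s+ACCESS\((\w+)\)")

# Statements copied from the sample figures, combined as constructed input.
SAMPLE = """\
RDEFINE FACILITY BBM.IRM.CHE UACC(NONE)
RDEFINE FACILITY BBM.IRM.CHE.IMSP UACC(NONE)
RDEFINE FACILITY BBM.IRM.DBR.SHRP UACC(NONE)
PERMIT BBM.IRM.CHE CLASS(FACILITY) ID(USER01)   ACCESS(READ)
PERMIT BBM.IRM.CHE.IMSP CLASS(FACILITY) ID(USER02)   ACCESS(READ)
PERMIT BBM.IRM.DBR.SHRP CLASS(FACILITY) ID(DBAGRP)   ACCESS(READ)
"""

def load_profiles(statements):
    """Return {resource: {"uacc": level, "acl": {id: level}}}."""
    profiles = {}
    for line in statements.splitlines():
        if m := RDEFINE_RE.match(line.strip()):
            profiles[m.group(1)] = {"uacc": m.group(2), "acl": {}}
        elif m := PERMIT_RE.match(line.strip()):
            if m.group(1) not in profiles:
                raise ValueError(f"PERMIT for undefined profile: {m.group(1)}")
            profiles[m.group(1)]["acl"][m.group(2)] = m.group(3)
    return profiles

def resolve(profiles, keyword, scope=None):
    """Pick the rule: BBM.IRM.keyword.scope first, then BBM.IRM.keyword.
    scope is the IMS ID or SHAREGROUP name from the control statement."""
    candidates = [f"BBM.IRM.{keyword}.{scope}"] if scope else []
    candidates.append(f"BBM.IRM.{keyword}")
    return next((c for c in candidates if c in profiles), None)

def check(profiles, racf_id, keyword, scope=None):
    """Return (rule, allowed); (None, None) when no rule matches, a case the
    page does not describe. Assumptions: the first matching rule decides, one
    ID is looked up, and any access level other than NONE allows."""
    rule = resolve(profiles, keyword, scope)
    if rule is None:
        return None, None
    profile = profiles[rule]
    level = profile["acl"].get(racf_id, profile["uacc"])
    return rule, level != "NONE"

if __name__ == "__main__":
    p = load_profiles(SAMPLE)
    print(check(p, "USER01", "CHE", "IMSP"), check(p, "USER01", "CHE", "IMSQ"))
```

In this model, USER01 is allowed /CHE on IMSQ through the unqualified BBM.IRM.CHE rule, which is the practical effect of a rule without imsid or sharegroup: it covers every IMS system that has no qualified rule of its own.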
