Space banner

   

This space provides the same content as before, but the organization of the home page has changed. The content is now organized based on logical branches instead of legacy book titles. We hope that the new structure will help you quickly find the content that you need.

Checking MainView AutoOPERATOR advanced security

If you encounter security problems with MainView AutoOPERATOR advanced security, check the following items:
  1. Check the SYSLOG or the BBI journal for any of the following messages created during initialization when any MainView AutoOPERATOR advanced security features are in use:

    AA3210I SECURITY DEFINITIONS FOR TYPE=AAO FEATURE=APPL IN USE 
    AA3211I SECURITY DEFINITIONS FOR TYPE=AAO FEATURE=CMD IN USE 
    AA3212I SECURITY DEFINITIONS FOR TYPE=AAO FEATURE=EXEC IN USE 
    AA3215I SECURITY DEFINITIONS FOR TYPE=AAO FEATURE=ALRT IN USE 
    AA3216I SECURITY DEFINITIONS FOR TYPE=AAO FEATURE=PARM IN USE 
    AA3221I SECURITY DEFINITIONS FOR TYPE=AAO FEATURE=ALRTEXEC IN USE 
    AA3223I SECURITY DEFINITIONS FOR TYPE=AAO FEATURE=IMSGEN IN USE

    Each MainView AutoOPERATOR security feature that is implemented generates a separate message.

  2. Check the SYSLOG or the BBI journal for any of the following messages created during initialization when the MainView AutoOPERATOR advanced security CMD feature is in use:

    AA3214W TYPE=AAO FEATURE=CMD SPECIFIED WITH SAF CLASS=DATASET 
    AA3211I SECURITY DEFINITIONS FOR TYPE=AAO FEATURE=CMD IN USE

    AA3214W is a warning message that is issued any time you start the BBI-SS PAS with a security class of DATASET. This results in resource names for command transactions being restricted to only the command. Parameters and keywords are not checked.

    The following table shows an example of commands that can be used and the corresponding resource name that is checked for CLASS=$BOOLE and CLASS=DATASET:

    Note

    Commands, parameters, and keywords are truncated at eight characters.

    Command

    Resource name when CLASS=$BOOLE

    Resource name when CLASS=DATASET

    #D SLIP=ID01

    prefix.ssid.AAO.target.MVSCMD.D.SLIP

    prefix.ssidAAO.target. MVSCMD.D

    /DIS A

    prefix.ssid.AAO.target.IMSCMD.DIS.A

    prefix.ssid.AAO.target.IMSCMD.DIS

  3. When MainView AutoOPERATOR advanced security features are in use, check to see if the correct resource name is defined to the ESM.

    When either the CMD or EXEC feature is in use, the more discrete level of checking overrides basic security checks when the command is issued from the terminal session COMMAND line.

    The following table shows commands that can be issued and the corresponding resource name that is checked when either CLASS=DATASET or CLASS=$BOOLE is specified:

    Note

    Commands, parameters, and keywords are truncated at eight characters.

    Command

    Resource name without advanced security

    Resource name with advanced security

    #D SLIP=ID01

    prefix.ssid.AAO.target.MVSCMD

    prefix.ssid.AAO.target.MVSCMD.D.SLIP

    /DIS A

    prefix.ssid.AAO.target.IMSCMD

    prefix.ssid.AAO.target.IMSCMD.DIS.A

    %TESTEXEC

    prefix.ssid.AAO.target.EXEC

    prefix.ssid.AAO.target.EXEC.TESTEXEC

    The MainView AutoOPERATOR advanced security CMD feature does not affect BBI commands or SYSPROG commands that are issued from the COMMAND line. MainView AutoOPERATOR advanced security for CMD affects only:

    • CICS transactions

    • IBM IMS transactions

    • IMS commands

    • MVS commands

Was this page helpful? Yes No Submitting... Thank you

Comments