Space banner

   

This space provides the same content as before, but the organization of the home page has changed. The content is now organized based on logical branches instead of legacy book titles. We hope that the new structure will help you quickly find the content that you need.

EXECs (FEATURE=EXEC)

Before you can implement MainView AutoOPERATOR advanced security for EXECs, you must secure the ability to create, schedule, edit, and test EXECs by EXEC name.

The resource name is prefix.ssid.AAO. target.EXEC (as described in Resources).

By choosing the EXEC feature of MainView AutoOPERATOR advanced security, you are choosing to secure a user's ability to schedule EXECs by EXEC name from the COMMAND line during a user’s terminal session.

The resource name is prefix. ssid.AAO. target.EXEC. execname.

With this resource, you are also securing a user’s ability to access the EXEC from within the EXEC Manager application, which limits:

  • Selecting a specific EXEC for testing

  • Scheduling a specific EXEC

  • Browsing a specific EXEC

  • Disabling a specific EXEC

  • Scheduling an EXEC from a cell

When securing EXECs, it is important to note that the actions scheduled within the EXEC are generally not secured. For example, you might secure the ability to issue MVS commands from a specific user. However, if you allow the user to have access to an EXEC that issues an MVS command, the EXEC and the MVS command will be allowed to run completely.

However, there are exceptions to this rule about actions within EXECs:

  • If you secure the ability to access CICS services through the BBI-SS PAS (as described in MainView for CICS and MainView AutoOPERATOR for CICS)

    Some CICS action services have IMFEXEC CICS statements for the MainView AutoOPERATOR for CICS option. Those IMFEXEC CICS statements can be secured and, if they are, the restrictions are valid in an EXEC that uses those statements.

  • If you secure MainView SYSPROG Services

    You can invoke MainView SYSPROG Services in an EXEC with an IMFEXEC RES statement. If the service is secured, the restrictions are valid in an EXEC that uses those statements.

  • If you issue MainView API commands within an EXEC

    IMFEXEC MainView commands require READ access to the following resources: TERMINAL(VBAPI) and PROGRAM(BBM0IA10). If access to these resources is not available, the IMFEXEC command fails with an IMFCC code of 8.

For a list of CLISTs that you can use to identify resources for EXEC-level security, see MainView AutoOPERATOR security CLISTs.


Was this page helpful? Yes No Submitting... Thank you

Comments