Space banner

   

This space provides the same content as before, but the organization of the home page has changed. The content is now organized based on logical branches instead of legacy book titles. We hope that the new structure will help you quickly find the content that you need.

Verifying the status of full-screen security

This topic presents a series of checks that you can perform to verify the overall status of full-screen security.

To verify the status of full-screen security

  1. Check the SYSLOG and the BBI journal for any messages that were created during BBI-SS PAS initialization.

    The following message is issued when security through the SAF interface is in use:

    SM3209I SECURITY DEFINITIONS RETRIEVED FROM xxxxxxxx ssid

    VariableDescription
    xxxxxxxx

    identifies whether security has been turned on from SYS1.PARMLIB, the logical PARMLIB concatenation, or the BBIPARM concatenation

    ssid

    name of the BBI-SS PAS that is secured


    Use this message to determine which BBI-SS PAS has had security turned on and from where.

  2. Check the syntax of the TYPE=BBI statement in the BBSEC member.

    If message SM3209I did not show up in the SYSLOG or BBI journal during BBI-SS PAS initialization, the syntax of the TYPE=BBI statement in the BBSEC member might be incorrect.

    1. Check the SS parameter to determine whether the correct BBI-SS PAS is being identified.

      Regardless of how many BBSEC members exist in SYS1.PARMLIB, the logical PARMLIB concatenation, and the BBIPARM concatenation, MainView uses the first TYPE=BBI statement where the SS=ssid parameter matches the subsystem ID of the BBI-SS PAS. An unexpected match might occur because of wildcards (such as asterisks) in the SS=ssid parameter.

    2. Check the CLASS and PREFIX parameters to determine whether the correct security class and prefix are being used.

      If the CLASS or PREFIX parameters are not specified correctly, the defaults of CLASS=$BOOLE and PREFIX=BBM are used.

  3. If changes were made to a secured resource, ensure that the resource was correctly refreshed within the ESM.

    All changes that are made to a user's security access are dynamic. After a user's authority to access a resource is changed within the ESM, those changes are in effect for the next attempt to access that resource.

  4. Check the ESM's audit trail for the resource name and user ID that are being verified.

    Because it is possible for a resource to be protected by multiple security profiles when generics are used, you should perform the following tasks:

    1. Enable any tracing or auditing facilities that the ESM provides.

    2. Check the output to determine exactly which resource name and user ID are being verified.

  5. If changes were made to the BBSEC member, ensure that the BBI-SS PAS was restarted.

    All information related to security is obtained from the BBSEC member during BBI-SS PAS initialization. If you make changes to BBSEC, warm start the affected BBI-SS PAS so that the updates take effect.

Tip

BMC Customer Support might instruct you to use a debug option to aid in correcting issues. When turned on, it displays debug messages both in the BBI Journal and as WTOs. The messages might assist in determining the resource name, user ID, and class that are used on the RACROUTE statement, and whether or not the security check granted access to that resource.




Was this page helpful? Yes No Submitting... Thank you

Comments