Skip to Content
Information

This site will undergo a brief period of maintenance on Friday, 18 December at 12:30 AM Central/12:00 PM IST. During a 30 minute window, site availability may be intermittent.

Information
Limited support BMC provides limited support for this version of the product. As a result, BMC no longer accepts comments in this space. If you encounter problems with the product version or the space, contact BMC Support.BMC recommends upgrading to the latest version of the product. To see documentation for that version, see BMC AMI Ops Infrastructure 7.1.

Checking MainView AutoOPERATOR advanced security

If you encounter security problems with 

MainView AutoOPERATOR

 advanced security, check the following items:

  1. Check the SYSLOG or the BBI journal for any of the following messages created during initialization when any MainView AutoOPERATOR advanced security features are in use:

    AA3210I SECURITY DEFINITIONS FOR TYPE=AAO FEATURE=APPL IN USE
    AA3211I SECURITY DEFINITIONS FOR TYPE=AAO FEATURE=CMD IN USE
    AA3212I SECURITY DEFINITIONS FOR TYPE=AAO FEATURE=EXEC IN USE
    AA3215I SECURITY DEFINITIONS FOR TYPE=AAO FEATURE=ALRT IN USE
    AA3216I SECURITY DEFINITIONS FOR TYPE=AAO FEATURE=PARM IN USE
    AA3221I SECURITY DEFINITIONS FOR TYPE=AAO FEATURE=ALRTEXEC IN USE
    AA3223I SECURITY DEFINITIONS FOR TYPE=AAO FEATURE=IMSGEN IN USE

    Each MainView AutoOPERATOR security feature that is implemented generates a separate message.

  2. Check the SYSLOG or the BBI journal for any of the following messages created during initialization when the MainView AutoOPERATOR advanced security CMD feature is in use:

    AA3214W TYPE=AAO FEATURE=CMD SPECIFIED WITH SAF CLASS=DATASET
    AA3211I SECURITY DEFINITIONS FOR TYPE=AAO FEATURE=CMD IN USE

    AA3214W is a warning message that is issued any time you start the BBI-SS PAS with a security class of DATASET. This results in resource names for command transactions being restricted to only the command. Parameters and keywords are not checked.

    The following table shows an example of commands that can be used and the corresponding resource name that is checked for CLASS=$BOOLE and CLASS=DATASET:

    Warning

    Note

    Commands, parameters, and keywords are truncated at eight characters.


    Command

    Resource name when CLASS=$BOOLE

    Resource name when CLASS=DATASET

    #D SLIP=ID01

    prefix.ssid.AAO.target.MVSCMD.D.SLIP

    prefix.ssidAAO.target. MVSCMD.D

    /DIS A

    prefix.ssid.AAO.target.IMSCMD.DIS.A

    prefix.ssid.AAO.target.IMSCMD.DIS

  3. When MainView AutoOPERATOR advanced security features are in use, check to see if the correct resource name is defined to the ESM.When either the CMD or EXEC feature is in use, the more discrete level of checking overrides basic security checks when the command is issued from the terminal session COMMAND line.

    The following table shows commands that can be issued and the corresponding resource name that is checked when either CLASS=DATASET or CLASS=$BOOLE is specified:

    Warning

    Note

    Commands, parameters, and keywords are truncated at eight characters.


    Command

    Resource name without advanced security

    Resource name with advanced security

    #D SLIP=ID01

    prefix.ssid.AAO.target.MVSCMD

    prefix.ssid.AAO.target.MVSCMD.D.SLIP

    /DIS A

    prefix.ssid.AAO.target.IMSCMD

    prefix.ssid.AAO.target.IMSCMD.DIS.A

    %TESTEXEC

    prefix.ssid.AAO.target.EXEC

    prefix.ssid.AAO.target.EXEC.TESTEXEC

    The MainView AutoOPERATOR advanced security CMD feature does not affect BBI commands or SYSPROG commands that are issued from the COMMAND line. MainView AutoOPERATOR advanced security for CMD affects only:

    • CICS transactions
    • IBM IMS transactions
    • IMS commands
    • MVS commands

Related topic

Troubleshooting-in-full-screen-mode

 

Tip: For faster searching, add an asterisk to the end of your partial query. Example: cert*

MainView Infrastructure 6.3