×
 
 
  •  
$helper.renderConfluenceMacro('{bmc-global-announcement:$space.key}')

Limited support

   

BMC provides limited support for this version of the product. As a result, BMC no longer accepts comments in this space. If you encounter problems with the product version or the space, contact BMC Support.

BMC recommends upgrading to the latest version of the product. To see documentation for that version, see BMC AMI Ops Monitor for CICS version 7.2.00.
MainView for CICS 6.8 ... MainView for CICS Customization Guide Standard implementation procedures

Site-specific security

The BBI-SS PAS uses the EXCI function to reconnect to CICS after the BBI-SS PAS is recycled.

The CREGAGT windows-mode views provide commands to control MainView for CICS initialization and termination, and its agent functions--extractor, task kill, SMF recording of the CICS CMF 110 records, and MainView AutoOPERATOR for CICS. These commands also use the CICS External Interface (EXCI) facility to communicate to the target CICS systems. When the PAS is recycled, it uses the EXCI facility to reconnect to CICS regions. Therefore all BBI-SS systems must have the proper security authorization to issue commands.

When CICS security is active with certain SIT parameters, the BBI-SS PAS user ID must have proper security authorization in order to start MainView for CICS transactions, as well as to create and discard transactions and program definitions.

When XCMD=YES and CMDSEC=ALWAYS in the SIT, the BBI-SS PAS address space user ID must have access defined for the following resources in resource class CCICSCMD (or site-specified resource class for XCMD): 

secprfx.EXITPROGRAM  ACCESS(UPDATE)
               .PROGRAM      ACCESS(ALTER)
               .SYSTEM       ACCESS(READ)
               .TRANSACTION  ACCESS(ALTER)
               .MONITOR      ACCESS(UPDATE)
               .TASK         ACCESS(READ)
               .IRC          ACCESS(UPDATE)
               .TSQUEUE      ACCESS(READ)
               .CONNECT      ACCESS(READ) 
               .STATISTIC    ACCESS(READ)
               .FILE         ACCESS(UPDATE)

secprfx is the security prefix that is specified by the SECPRFX parameter in the SIT, if any.

When XPPT=YES or XPCT=YES, and RESSEC=ALWAYS, the BBI-SS PAS user ID must have ACCESS(ALTER) privileges for resources in the resource classes MCICSPPT (XPPT) and ACICSPCT (XPCT or site-specified resource class for XPPT and XPCT) in order to create program and transaction definitions, respectively. See Managed resources for the list of programs and transactions.

When XTRAN=YES (regardless of CMDSEC and RESSEC settings), the BBI-SS PAS user ID must have ACCESS(READ) privileges for transactions (resource) BMCE, FST2, BCRT, FCD2, JNL2 and FIC2 in resource class TCICSTRN (or site-specified resource class for XTRAN).

In the target CICS if CICS surrogate user checking is turned on through the SIT parameter XUSER=YES (regardless of CMDSEC and RESSEC settings), the BBI-SS PAS user ID must be authorized as a surrogate user in the CICS region. This setting can be accomplished by using the following RACF command:

PERMIT userid1.DFHSTART CLASS(SURROGAT) ID(userid2) ACCESS(READ)

userid1 is the ID of the BBI-SS PAS and userid2 is the user ID of the CICS region.

If a security manager other than RACF is being used, refer to appropriate security guide for more information.

Refer to the CICS RACF Security Guide for details about CICS security checking. Refer to the CICS System Definition Guide for details about CICS security system initialization parameters (CMDSEC, RESSEC, XTRAN, XUSER, and so on).

Note

If CMDSEC and RESSEC are set to ASIS, the only SIT security parameters that affect the BBI-SS PAS are XTRAN and XUSER.

This version of the documentation is no longer supported. However, the documentation is available for your convenience. You will not be able to leave comments.

Last modified by Margaret Yen on Jun 02, 2017
user_id bbi-ss_pas racf_command surrogate_user surrogate_user_checking secprfx_parameter xuser_parameter xtran_parameter cregagt_view esm_see_external_security_manager cics_considerations external_security_manager_esm ccicscmd_resource_class system_initialization_table_sit cmdsec_parameter xcmd_parameter customization cics implementation security authorization

Comments

Log in or register to comment.

Processing CICS statistical records
OLTCNTL parameter ACTNSEC
© Copyright 1987-2015, 2017 BMC Software, Inc.
Legal notices

Powered by Atlassian Confluence and Scroll Viewport

© Copyright 2005-2024 BMC Software, Inc. Use of this site signifies your acceptance of BMC’s Terms of Use . BMC, the BMC logo, and other BMC marks are assets of BMC Software, Inc. These trademarks are registered and may be registered in the U.S. and in other countries.