Managing user access
To set up the BMC AMI Command Center repository, you must grant BMC AMI Command Center superuser authorization to at least one user.
Before you begin
You must have SAF authorization that enables you to create and assign the required resources.
To grant user access
Use the following procedure to grant access permission to BMC AMI Command Center features. You must grant access for each UIM installation.
To grant access permission to features, perform one of the following actions:
- To grant access to all features, create the following SAF resource: BMCGUD.WBAC.system.port.**
- To grant access by feature, create a SAF resource for each feature. For more information about the SAF resources associated with BMC AMI Command Center features, see SAF resources.
When creating SAF resources, perform the following actions:
- Create the SAF resources as an XFACILIT class. If you use CA-ACF2, define the resource as TYPE(XFC).
- Replace the variable port with the port number of the UIM server.
- Replace the variable system with the value of the SYSNAME system symbol, which you can obtain using the MVS system command D SYMBOLS.
- Grant ALTER authority to the resources that you created for the user or group that needs to access the features.
To revoke user access
You can revoke access permission to one or more BMC AMI Command Center features. You must revoke access for each UIM installation to which you granted access. You cannot revoke access to the Workspace manager or DB2 Navigator perspective unless you entirely revoke access to BMC AMI Command Center.
If you granted access to all features using the double asterisk syntax, perform one of the following actions for the user or group for which you want to revoke access:
- To revoke access to all features, assign NONE authority to the WBAC.system.port.** SAF resource.
- To revoke access to one or more features, perform the following steps:
- Create a SAF resource for each feature. For more information about the SAF resources associated with BMC AMI Command Center features, see SAF resources.
- Grant NONE authority to the resources that you created.
If you granted access to features by creating SAF resources for each feature, grant NONE authority to the resources that you created for the user or group for which you want to revoke access.
When creating SAF resources, perform the following actions:
- Create the SAF resources as an XFACILIT class. If you use CA-ACF2, define the resources as TYPE(XFC).
- Replace the variable port with the port number of the UIM server.
- Replace the variable system with the value of the SYSNAME system symbol, which you can obtain using the MVS system command D SYMBOLS.
SAF resources
For the Workspace console, you can grant or revoke access permission for specific perspectives. The following table contains the SAF resources for each perspective:
For this perspective | Create this SAF resource |
|---|---|
File Locator | BMCGUD.WBAC.system.port.FILE_LOCATOR |
Job Browser | BMCGUD.WBAC.system.port.JOB_BROWSER |
SQL Tuning | BMCGUD.WBAC.system.port.SQL_TUNING |
Scratchpad | BMCGUD.WBAC.system.port.SCRATCHPAD |
Schema Management | BMCGUD.WBAC.system.port.SCHEMA_MANAGEMENT |
Recovery Management | BMCGUD.WBAC.system.port.RECOVERY_MANAGEMENT |
Product Tools | BMCGUD.WBAC.system.port.PRODUCT_TOOLS |
For the Product Tools perspective, you can grant or revoke access permission for specific features (views). The following table contains the SAF resources for the Product Tools views:
For this Product Tools view | Create this SAF resource |
|---|---|
Object set management | BMCGUD.WBAC.system.port.PRODUCT_TOOLS.OBJ_SET_MGR |
BMC AMI Utility Management | BMCGUD.WBAC.system.port.PRODUCT_TOOLS.NGT_UTIL_MGR |
SmartSwitch | BMCGUD.WBAC.system.port.PRODUCT_TOOLS.SMART_SWITCH |
SQL Assurance | BMCGUD.WBAC.system.port.PRODUCT_TOOLS.SQL_ASSURANCE |
Schema Standards | BMCGUD.WBAC.system.port.PRODUCT_TOOLS.SCHEMA_STANDARDS |
For the Apps console, you can grant or revoke access permission for specific Apps. The following table contains the SAF resources for the Apps:
For this App | Create this SAF resource |
|---|---|
SQL Errors | BMCGUD.WBAC.system.port.SQL_ERRORS |
SQL Analysis | BMCGUD.WBAC.system.port.SQL_ANALYSIS |
SQL Alerts | BMCGUD.WBAC.system.port.SQL_ALERTS |
To grant superuser authorization
You must grant superuser authorization to at least one BMC AMI Command Center user. A superuser authorization is required to set up the BMC AMI Command Center repository.
With superuser authorization, a user can perform the following actions:
- Set up the BMC AMI Command Center repository.
- Edit and delete connections owned by any user.
- Edit and delete templates owned by any user.
- Create, edit, and delete public connections.
- Create, edit, and delete product links.
Superuser authorization is specific to each UIM. If your site stores public connections and templates on several sysplexes according to business function, you can provide superuser authorization to specific users based on their areas of responsibility.
To grant superuser authorization, perform the following steps:
- Make sure that the UIM server PTF BPJ0835 has been installed.
- For each UIM installation, create the following SAF resource: BMCGUD.WBSU.system.port
When creating the SAF resource, perform the following actions:- Create the SAF resources as an XFACILIT class. If you use CA-ACF2, define the resources as TYPE(XFC).
- Replace the variable port with the port number of the UIM server.
- Replace the variable system with the value of the SYSNAME system symbol, which you can obtain using the MVS system command D SYMBOLS.
- Grant ALTER authority to the superuser resource for the user requiring superuser authorization on the specified UIM.
To hide disabled features
Use the following procedure to hide features that users are not authorized to use:
- In the console's main menu, click Signed in as > User Access.
- In the User Access dialog box, select the Manage user access tab.
- Select Hide features disabled by the security administrator.
- Click OK.