Defining security settings

As an administrator, you can use Security settings in CES to secure access to BMC AMI Products for Web, product functions, administrative functions, and REST endpoints. With security enabled, users must provide credentials to access the BMC AMI Products for Web. By default, administrative functions are restricted and users have access only to the base web product functions. Restricted functions are not displayed in the user interface and REST endpoints are inaccessible.

The Security feature consists of the following tabs:

  • Personal access tokens
  • Security
  • Users
  • Groups
  • Roles

Related topics

Securing-access-to-administrative-functions

Managing-users

Managing-security-groups

Managing-security-roles

Configuring personal access tokens

Personal access tokens are a widespread standard used across well-known organizations and services. You use personal access tokens instead of your credentials when you perform Code Pipeline operations by using the Code Pipeline API.

In the Personal access token tab, you can view a list of configured personal access tokens with their user names, generated token, host, and port.

On the UI, you can move a column, refresh the table, delete one or more row entries, search and filter the values in the table, and choose how many records you want to view in the table. For more information about these actions, see Common-UI-actions.

You can also perform the following actions on the Personal access token tab:

Purpose

Action

Add a personal access token

Click Add and complete the fields in the Add personal access token dialog box. For more information, see Adding a personal access token.

Edit a personal access token

Select the row and click Edit.pngEdit.

View the personal access token generated and used when making API requests.

Click Eye.png, enter the password, and click View. The generated token is displayed in the Personal access token table.

Copy the personal access token

In the relevant row, click CopyToClipboard.pngCopy.

This icon is displayed for a personal access token only after authentication.

Adding a personal access token

Perform the following steps to configure a personal access token:

  1. On the Personal access token tab, click Add.
  2. In the Add personal access token dialog box, select the required Host connection, which is the z/OS host system name or IP address that is running. To create a secure host connection, make sure that the port used is already defined as a secure port on the host mainframe.
  3. In Username, enter the RACF login name to associate with the token.
  4. Enter the required Password
  5. Click Save.

Important

Credential validation does not occur in CES when generating a Personal Access Token for a non-secured host connection that is configured for Abend-AID. In such cases, CES does not validate credentials for the host connections and accepts any input for the User ID to grants access. A host connection is not secured if EXTENRAL_SECURITY_ENABLED is set to NO in the CMSC parameter library.

For more information, see Configuration parameters controlled by the CMSC.


 

Tip: For faster searching, add an asterisk to the end of your partial query. Example: cert*