Limited support: BMC provides limited support for this version of the product. As a result, BMC no longer accepts comments in this space. If you encounter problems with the product version or the space, contact BMC Support. BMC recommends upgrading to the latest version of the product. To see documentation for that version, see BMC AMI Ops Infrastructure 7.1.

Windows-mode security


For windows-mode security, the following parameters are used:

| Parameter | Description |
|---|---|
| ESMTYPE(AUTO) | BMC AMI Ops automatically determines which ESM is installed and active. |
| CLASS('$BBM') NEXT - 'MainView' | The default security class of $BBM is transformed to class MainView by use of a NEXT statement. |

To protect BMC AMI Ops Monitor for Db2 windows-mode resources, the site grants the following access:

  • The Technical Services staff has access to all product data and actions on all Db2 systems.
  • All other users have read-only access to product data.
  • Some users are prevented from accessing certain Db2 systems (for example, the Production Staff is denied access to test systems).

To define this security environment, the site uses CA ACF2 rules as shown below.

Sample CA ACF2 rules for BMC AMI Ops Monitor for Db2, windows mode

***********************************************************************
* RULES FOR WINDOW-MODE FOR BMC AMI Ops Monitor for Db2                   
*                                                                       
* FORMAT CONTEXT (1ST LEVEL)...BBM.SYS?.MVDB2.DB2?.TA                   
* FORMAT VIEW....(2ND LEVEL)...BBM.MVDB2.DB2?.INTTABLE.ACTION           
*                                                                       
*- NOTE : SEE MANUAL 'IMPLEMENTING SECURITY' FOR DETAIL        
***********************************************************************
$KEY(MVDB2) TYPE(MVW)                                                   
$PREFIX(BBM)                                                            
***********************************************************************
* appl1    = APPLICATION 1                                              
* appl2    = APPLICATION 2
* devdba   = DEV DBA                                                    
* operator = OPERATIONS STAFF                                           
* prodexpl = PROD/EXPLOITATION STAFF
***********************************************************************
* TECHNICAL SERVICES ACCESS (1ST LEVEL)                                 
***********************************************************************
 -.MVDB2.-            UID(sysprog) ALLOW                                
 -.MVDB2.-            UID(techdba) ALLOW                                
 -.MVDB2.-            UID(-) PREVENT
***********************************************************************
* OPERATIONS STAFF ACCESS (1ST LEVEL) ALL DB2                           
***********************************************************************
-.MVDB2.-             UID(operator) ALLOW
***********************************************************************
* PRODUCTION STAFF ACCESS (1ST LEVEL) ALL DB2 BUT TEST                  
***********************************************************************
-.MVDB2.-             UID(prodexpl) ALLOW                               
SYSD.MVDB2.-          UID(prodexpl) PREVENT                             
SJSD.MVDB2.-          UID(prodexpl) PREVENT
***********************************************************************
* DBA/DEV (1ST LEVEL)                                                   
***********************************************************************
SYSA.MVDB2.-          UID(devdba) ALLOW                                 
SYSC.MVDB2.-          UID(devdba) ALLOW                                 
SYSE.MVDB2.DB2M.-     UID(devdba) ALLOW                                 
SYSE.MVDB2.DB2C.-     UID(devdba) ALLOW                                 
SYSH.MVDB2.-          UID(devdba) ALLOW                                 
SYSJ.MVDB2.-          UID(devdba) ALLOW                                 
SYST.MVDB2.DB1S.-     UID(devdba) ALLOW
***********************************************************************
* APPLICATION 1 (1ST LEVEL)                                             
***********************************************************************
SYSP.MVDB2.-          UID(********appl1) ALLOW                          
SYSP.MVDB2.-          UID(********appl2) ALLOW                          
***********************************************************************
* APPLICATION 2 (1ST LEVEL)                                             
***********************************************************************
SYST.MVDB2.DB2V.-     UID(********appl2) ALLOW                          
SYSE.MVDB2.DB2W.-     UID(********appl2) ALLOW
***********************************************************************
* VIEWS ACCESS (2ND LEVEL) FOR TECHNICAL SERVICES                       
* ALL ACCESS                                                            
***********************************************************************
MVDB2.-          UID(sysprog) ALLOW                                     
MVDB2.-          UID(techdba) ALLOW                                     
***********************************************************************
* VIEWS ACCESS (2ND LEVEL) FOR EVERYBODY ELSE
* BROWSE ACCESS (OD)                                                    
***********************************************************************
MVDB2.-          UID(-) PREVENT                                         
MVDB2.-.-.OD     UID(-) ALLOW                                           
***********************************************************************
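
The following Python sketch is an added example, not BMC or CA ACF2 code. It checks a subset of the sample rule lines above against the stated access goals, using an assumed, simplified matching model: `-` matches any run of characters, `*` matches one character, UID masks match as prefixes, the most specific matching line wins, and the default is deny. The UID strings, the DB2 names `DB2T` and `DB2P`, and the action `XX` are constructed for illustration.

```python
import re

# Rule lines taken from the sample above (relative to $PREFIX(BBM)):
# (resource mask, UID mask, verdict). Only a subset is embedded here.
RULES = [
    ("-.MVDB2.-", "sysprog", "ALLOW"),
    ("-.MVDB2.-", "-", "PREVENT"),
    ("-.MVDB2.-", "prodexpl", "ALLOW"),
    ("SYSD.MVDB2.-", "prodexpl", "PREVENT"),
    ("SYSE.MVDB2.DB2M.-", "devdba", "ALLOW"),
    ("SYSE.MVDB2.DB2W.-", "********appl2", "ALLOW"),
    ("MVDB2.-", "sysprog", "ALLOW"),
    ("MVDB2.-", "-", "PREVENT"),
    ("MVDB2.-.-.OD", "-", "ALLOW"),
]

def mask_to_regex(mask, prefix=False):
    """Assumed masking model: '-' = any run of characters, '*' = one character."""
    body = "".join(".*" if c == "-" else "." if c == "*" else re.escape(c)
                   for c in mask)
    return re.compile("^" + body + (".*" if prefix else "") + "$")

def literals(mask):
    """Specificity proxy: number of non-mask characters in the mask."""
    return sum(c not in "-*" for c in mask)

def decide(resource, uid, rules=RULES):
    """Return (verdict, matching rule line) for one resource name and UID string."""
    # Assumption: the most specific resource mask is tried first, then the
    # most specific UID mask; the first line matching both decides.
    ordered = sorted(rules, key=lambda r: (-literals(r[0]), -literals(r[1])))
    for res_mask, uid_mask, verdict in ordered:
        if (mask_to_regex(res_mask).match(resource)
                and mask_to_regex(uid_mask, prefix=True).match(uid)):
            return verdict, (res_mask, uid_mask)
    return "PREVENT", None  # no matching line: deny by default

if __name__ == "__main__":
    checks = [  # constructed requests: (resource, UID string)
        ("SYSD.MVDB2.DB2T.TA", "prodexpl"),        # production staff, test system
        ("SYSP.MVDB2.DB2P.TA", "prodexpl"),        # production staff, other system
        ("SYSE.MVDB2.DB2W.TA", "FIN00001appl2"),   # application 2 user
        ("MVDB2.DB2P.INTTABLE.OD", "operator"),    # browse action
        ("MVDB2.DB2P.INTTABLE.XX", "operator"),    # non-browse action
    ]
    for resource, uid in checks:
        print(f"{uid:15} {resource:26} -> {decide(resource, uid)}")
```
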

 


BMC AMI Ops Infrastructure 7.0