Default language.

Controlling Alternate Access

Security for Alternate Access is independent of other BMC AMI Ops product security and has these characteristics:

  • Uses the standard SAF interface to communicate with your ESM
  • Requires that each user ID for a session be defined to your ESM

Important

Alternate Access supports AutoLogon sessions, which sign on a terminal directly to a product service at terminal address space (TAS) initialization without requiring the user to enter a user ID or password. Because of this AutoLogon feature, it is important to restrict access to Alternate Access.

Related topic

How-to-control-access-to-resources

To control access to Alternate Access

  1. Define resource BOOLEBBV to your ESM with a Universal Access of NONE.For example, for RACF specify the following TSO command:

    RDEFINE FACILITY (BOOLEBBV) UACC(NONE)

    Important

    If resource BOOLEBBV is not defined to your ESM, the user ID and password must be manually specified in clear text in either the START command or the BBVTASxx member.

  2. Permit each user ID that will use an AutoLogon session to have READ access to resource BOOLEBBV.For RACF specify the following TSO command:

    PERMIT BOOLEBBV CLASS(FACILITY) ID(userID) ACCESS(READ)

    For more detailed information about Alternate Access security, including information about defining additional security for terminals or applications, see Security-implementation-for-Alternate-Access.

Examples

The examples in this section show how to use CA ACF2 and CA Top Secret to protect resource BOOLEBBV.

  • For CA ACF2, use the following TSO commands to define resource BOOLEBBV and allow selected user IDs to access it:

    ACF

    SET RESOURCE(FAC)

    COMPILE * LIST STORE

    $KEY(BOOLEBBV) TYPE(FAC)

           UID(UID string) ALLOW

           UID(-) PREVENT

    END

    END

  • For CA Top Secret, use the following TSS ADDTO command to add resource BOOLEBBV to class IBMFAC:

    TSS ADDTO(owner-acid) IBMFAC(BOOLEBBV)

Use the following TSS PERMIT command to permit selected ACIDs to have READ access to BOOLEBBV:

TSS PERMIT(acid) IBMFAC(BOOLEBBV) ACCESS(READ)


 

Tip: For faster searching, add an asterisk to the end of your partial query. Example: cert*