BMC AMI Ops Automation advanced security

Before you can implement advanced security for BMC AMI Ops Automation, you must implement standard full-screen security by:

Securing access to the BBI-SS PAS (or target) with the prefix.ssid.BBI.target.ACCESS resource (as described in BMC-AMI-Ops-products-that-run-in-a-BBI-SS-PAS)
Including a TYPE=BBI statement in the same BBSEC member as the TYPE=AAO statement (as described in To create a BBSEC member)

Implementing

BMC AMI OpsA

advanced security is an optional, additional step. In some cases, advanced security resources are checked in addition to standard

BMC AMI OpsA

resources. In other cases, the advanced security feature overrides the standard security. The following table describes the

BMC AMI OpsA

advanced security features.

Each of these advanced security features can be implemented independently of each other, or in any combination. For example, you can choose to secure applications and EXECs by EXEC name, but not to secure any of the other features.

Warning

Security implemented at this level might override security that you implemented for resources that are listed in Resources. For example, you might deny access to a user to issue MVS commands (with the prefix.ssid.AAO. target.MVSCMD resource). However, if you grant access to this user for a specific MVS command (such as prefix.ssid.AAO target.MVSCMD.DISPLAY.ALL), this access will be allowed.

Feature name	Description
ALRTEXEC	Activates security checking for Alert Follow-up EXECs This feature activates the security checking for the user’s authority to schedule Alert Follow-up EXECs. When both the ALRTEXEC feature and the EXEC feature are in use, the security resource is secured based upon the EXEC name. When activating ALRTEXEC without the EXEC feature, security is only checked to see if the user can run any EXEC at all. For example: FEATURE=(ALRTEXEC) checks resource prefix.ssid.AAO.target.EXEC FEATURE=(ALRTEXEC,EXEC) checks resource prefix.ssid.AAO.target.EXEC. execname
APPL	Applies to BMC AMI OpsA applications This feature secures who can access BMC AMI OpsA applications within a terminal session, such as: BMC AMI OpsA Basic Automation applications (the Rules Processor application, the ALERTs applications, the CSM application, and so on) BMC AMI OpsA Advanced Automation applications (the OSPI application, EXEC Testing Facility, the Shared Object Facility, and so on) BMC AMI Ops Automation for z/OS option applications BMC AMI Ops Automation for IMS option applications BMC AMI Ops Automation for CICS option applications BMC AMI Ops Automation Access NV option applications For more information about application security, refer to Applications-FEATURE-APPL.
CMD	Applies to commands that you can issue from a BMC AMI OpsA terminal session. This feature allows you to secure: IMS transactions by transaction name IMS and IMSplex commands by command and parameter CICS transactions by command, keyword, and parameter MVS commands by command and parameter Warning Important Security checking is limited to eight characters each for commands, keywords, and parameters. For more information about command security, refer to Commands-and-transactions-FEATURE-CMD.
ALRT	Allows you to secure which users can delete specific ALERTs or ALERT queues by ALERT queue name. For more information about ALERT security, refer to ALERTs-FEATURE-ALRT.
EXEC	Allows you to secure which terminal session users can schedule EXECs by EXEC name. You can explicitly grant authority to certain users to be able to (or not be able to) schedule specific EXECs. For more information about EXEC security, refer to EXECs-FEATURE-EXEC.
PARM	Allows you to secure who has read-only access or update access to members in the Dynamic Parameter Manager application. For more information about parameter security, refer to Parameter-data-FEATURE-PARM.
IMSGEN	Applies to IMS generic commands that you can issue from a BMC AMI OpsA terminal session. This feature allows you to secure the individual IMS resource names when issuing IMS generic commands. FEATURE=CMD must be also specified. Warning Important Security checking is limited to eight characters each for commands, keywords, and parameters. This feature does not apply to IMSplex (Type-2) commands or IMS generic commands prefixed with an at sign (@) for IBM substitution. The user-security exit will not be invoked against the individual resource names. For more information about IMSGEN security, refer to IMS-Generic-Commands-FEATURE-IMSGEN.

BMC AMI Ops Automation advanced security

BMC AMI Ops Infrastructure 7.1

On this page