BMC AMI Ops products that run in a BBI-SS PAS
Related topic
The following full-screen products control access to system-specific and product-specific resources by using a resource entity naming convention that is different from that used by Windows-mode products:
- BMC AMI Ops Automation
- BMC AMI Ops Monitor for CICS
- BMC AMI Ops Monitor for Db2
- BMC AMI Ops Monitor for DBCTL
- BMC AMI Ops Monitor for IMS Online
The resource entity naming convention for these products is as follows:
prefix.ssid.product.target.suffix
The resource name qualifiers are as follows:
Qualifier | Description |
|---|---|
prefix | The one- to eight-character first index level prefix that is used for this resource name If you do not specify a prefix, the default prefix of BBM is added to this resource name automatically. |
ssid | The one- to four-character subsystem ID of the BBI-SS PAS for which the resource is to be secured The SSIDs are specified in BBPARM member BBIJNT00. |
product | One of the following product abbreviations:
|
target | The one- to eight-character target name (as displayed in the right corner of a BMC AMI Ops full-screen panel) that specifies to which target the action is directed All valid target names are listed in BBPARM member BBIJNT00. |
suffix | A predefined suffix that represents the actual function the resource represents |
When creating permits, profiles, and rules to control access to resources, an explicit or generic value can be specified for any qualifier in the resource name by using the masking characters supported by the ESM.
The remainder of this section lists the resource names, including the suffix for each resource. The suffix can consist of a BMC supplied portion and a user-specified portion.
If you plan to implement security for any of these products, the resources listed in the following table must be secured before you can implement security within each individual product. Use the information in the following figure to determine how securing a resource in one product might affect another product.
Not all resources are applicable to all products, so the third column in the following table lists which products use the resource.
Resources
To protect this resource | Description and resource name | Products affected |
|---|---|---|
Accessing a common resources target | Accessing a specific target or targets Resource name: prefix.ssid.BBI.target.ACCESS | BMC AMI OpsA BMC AMI OpsM for CICS BMC AMI OpsM for Db2 BMC AMI Ops Monitor for DBCTL BMC AMI Ops Monitor for IMS Online |
Issuing common control commands | Issuing common control commands (such as .RESET, .CANCEL, .STOP, .START) Resource name: prefix.ssid.BBI.target.BBICMD | BMC AMI OpsA BMC AMI OpsM for CICS BMC AMI OpsM for Db2 BMC AMI Ops Monitor for DBCTL BMC AMI Ops Monitor for IMS Online |
Writing messages to the common journal log | Resource name: prefix.ssid.BBI.target.JRNLMSG | BMC AMI OpsA BMC AMI OpsM for CICS BMC AMI OpsM for Db2 BMC AMI Ops Monitor for DBCTL BMC AMI Ops Monitor for IMS Online |
Resource checking during Application and Cycle Refresh | Remembering the verification of BBI-SS PAS resources for the life of an Application or Cycle Refresh session, until the refresh session is stopped Defining this resource can reduce overall CPU consumption during a refresh session. Normally, a security verification call is made for every invocation of an application during Application or Cycle Refresh. By defining the REFRESH resource and granting the PAS user ID READ access to it, authorization for the application will be remembered for the life of the refresh session. If security verification fails, the failed verification will also be remembered and the error message NOT AUTHORIZED will be issued each time the application panel is redisplayed. Resource name: prefix.ssid.BBI.target.REFRESH | BMC AMI OpsA BMC AMI OpsM for CICS BMC AMI OpsM for Db2 BMC AMI Ops Monitor for DBCTL BMC AMI Ops Monitor for IMS Online |
Dynamic data set allocation of trace log data sets | Allowing the BBI-SS PAS to allocate trace log data sets dynamically for a user Denying access specifies that the BBI-SS PAS is not to allocate the trace log data sets. Trace logging can be requested only if trace log data sets are preallocated. If access is denied and a trace log data set does not exist, a request for trace logging will fail. Resource name: prefix.ssid.BBI.target.TRALLOC | BMC AMI OpsM for CICS BMC AMI OpsM for Db2 BMC AMI Ops Monitor for DBCTL BMC AMI Ops Monitor for IMS Online |
Modifying or purging all service requests, including those started by other users | Allowing the user to modify or purge service requests, including those made by other users (for example, purging a monitor or trace) You can use a number or pound sign (#) with this resource name: PMACC=# Provides user access and changes authority (free, modify, purge, quiesce, reset, stop, switch) for all services, including those started by other users. Resource name: prefix.ssid.BBI.target.PMACC# | BMC AMI OpsM for CICS BMC AMI OpsM for Db2 BMC AMI Ops Monitor for DBCTL BMC AMI Ops Monitor for IMS Online |
Accessing service classes A through Z | Accessing analyzer and monitor service classes If SERVLIST=RESTRICT is specified in BBPARM member BBIISP00, this parameter also restricts the services displayed on the analyzer and monitor service lists. The following values can be specified with this resource name:
Resource name: prefix.ssid.BBI.target.PMACCA prefix.ssid.BBI.target.PMACCB ... prefix.ssid.BBI.target.PMACCZ | BMC AMI OpsM for CICS BMC AMI OpsM for Db2 BMC AMI Ops Monitor for DBCTL BMC AMI Ops Monitor for IMS Online |
Starting a summary application trace | Starting a summary trace (accounting) Resource name: prefix.ssid.BBI.target.TRACE.S | BMC AMI OpsM for CICS BMC AMI OpsM for Db2 BMC AMI Ops Monitor for DBCTL BMC AMI Ops Monitor for IMS Online |
Starting a summary or detail application trace | Starting a summary trace plus detail trace with SQL events Resource name: prefix.ssid.BBI.target.TRACE.D | BMC AMI OpsM for CICS BMC AMI OpsM for Db2 BMC AMI Ops Monitor for DBCTL BMC AMI Ops Monitor for IMS Online |
Starting a summary or detail application trace (with all events for BMC AMI OpsM for Db2) | Starting a detail trace plus scans, I/Os, locks, and DDF detail event tracing Resource name: prefix.ssid.BBI.target.TRACE.ALL | BMC AMI OpsM for CICS BMC AMI OpsM for Db2 BMC AMI Ops Monitor for IMS Online |
Starting a IBM Db2 application trace for the total workload (DB2AUTH = +) | Resource name: prefix.ssid.DMR.target.DB2TRACE.GENERIC | BMC AMI OpsM for Db2 |
Issuing Db2 commands in BMC AMI OpsM for Db2 | Resource name: prefix.ssid.DMR.target.DB2CMD | BMC AMI OpsM for Db2 |
Displaying SQL text when the ID of the event being traced matches the user ID | Displaying SQL text with the DUSER service and the pop-up display for the BIND-TXT entry in the DTRAC service A message is produced in place of the SQL text to inform the user that the text display was suppressed by user authorization. Granting access to this resource allows you to display only SQL text if the authorization ID of the event being traced matches the user ID connected to BMC AMI OpsM for Db2. Resource name: prefix.ssid.DMR.target.DB2SQLAU | BMC AMI OpsM for Db2 |
Displaying all SQL text | Resource name: prefix.ssid.DMR.target.DB2SQLAL | BMC AMI OpsM for Db2 |
Issuing IBM MVS commands | Issuing MVS commands (such as VARY, START, STOP, CANCEL) Resource name: prefix.ssid.AAO.target.MVSCMD | BMC AMI OpsA |
Displaying the BMC AMI OpsA Rules Processor application | Accessing and displaying Rules within the Rules Processor Users with display-only access cannot perform any actions that would affect automation. Resource name: prefix.ssid.AAO.target.RULEREAD | BMC AMI OpsA |
Updating the BMC AMI OpsA Rules Processor application | Updating and creating new Rules in the Rules Processor application Users with update access can take actions that effect automation, enable or disable Rule Sets, move Rules within a Rule Set, change Rule Set search strategy, and so on. Resource name: prefix.ssid.AAO.target.RULEUPD | BMC AMI OpsA |
Invoking IBM CICS transactions from a BMC AMI OpsA terminal session | Resource name: prefix.ssid.AAO.target.CICSTRAN | BMC AMI OpsA |
EXECs (FEATURE=EXEC) BMC AMI OpsA EXECs | Scheduling or testing BMC AMI OpsA EXECs You might want to grant authority for users to have EXEC access on a test system but not on a production system. Resource name: prefix.ssid.AAO.target.EXEC | BMC AMI OpsA |
Displaying BMC AMI OpsA parameter data in the Dynamic Parameter Manager | Resource name: prefix.ssid.AAO.target.PARMREAD | BMC AMI OpsA |
Updating BMC AMI OpsA parameter data in the Dynamic Parameter Manager | Resource name: prefix.ssid.AAO.target.PARMUPD | BMC AMI OpsA |
Invoking IBM IMS transactions from a BMC AMI OpsA terminal session | Resource name: prefix.ssid.AAO.target.IMSTRAN | BMC AMI OpsA |
Invoking IMS and IMSplex commands from a BMC AMI OpsA terminal session | Resource name: prefix.ssid.AAO.target.IMSCMD | BMC AMI OpsA |
Sending messages to the IMS terminal | Resource name: prefix.ssid.AAO.target.IMSMSG | BMC AMI OpsA |
Displaying BMC AMI OpsA parameter data in the TapeSHARE for BMC AMI OpsA Application | Resource name: prefix.ssid.AAO.target.APPL.TAPSREAD | BMC AMI OpsA |
Updating BMC AMI OpsA parameter data in the TapeSHARE for BMC AMI OpsA application | Resource name: prefix.ssid.AAO.target.APPL.TAPSUPD | BMC AMI OpsA |
Issuing AOAnywhere API commands to BMC AMI OpsA | Issuing the following AOAnywhere API commands to BMC AMI OpsA: AOEXEC VDEL AOEXEC VGET AOEXEC ALERT FUNCTION(ADD) AOEXEC ALERT FUNCTION(READQ) AOEXEC BIM AOEXEC CMD AOEXEC MSG AOEXEC NOTIFY AOEXEC WTO AOEXEC SELECT | BMC AMI OpsA Note: AOEXEC SELECT and AOEXEC AOSUBX are protected by the same resource that controls which terminal session users can schedule EXECs. For more information, see EXECs-FEATURE-EXEC . |
Invoking BMC AMI Ops SYSPROG Services from a BMC AMI OpsA terminal session | Resource name: prefix.ssid.AAO.target.RESAUTH | SYSPROG Services from BMC AMI OpsA |
Scheduling a WTO to occur in the BMC AMI OpsA PAS | To possibly grant authority for BMC Impact Integration for z/OS cell users to have WTO access on a test system but not on a production system Resource name: prefix.ssid.BIIZ.target.WTO | BMC AMI OpsA |