Security

SAF Roles

You must have the BBM.AMIOI.UI.ACCESS SAF role defined with the following permissions:

Permission

Description

CONTROL

User has admin authority in the UI

READ

User is a regular user in the UI

NONE

User cannot use the UI

TLS Authentication

The product uses TLS authentication for communicating between Tomcat and AMI Manager (optional) and for communicating between AMI Manager and the user interface (required). For information on how to set that up after installation, see Enabling-TLS-authentication-between-Tomcat-and-AMI-Manager and Enabling-TLS-authentication-between-AMI-Manager-and-the-user-interface.

SSL Certificates

To configure TLS after installation, you need digital certificates. It is recommended to have the certificates ready before you run the installation:

  1. Get SSL certificates:
    • For a development environment, you can use the Java Keytool to create certificates.
    • For a production environment, BMC recommends that you get certificates from an SSL certificate provider.

  2. Import the certificates into a PKCS12 type keystore.

    Example

    keytool -import -alias amioi -file myCertificate.crt -keystore ssl-store.p12 -storetype PKCS12 -storepass <password>

 

Tip: For faster searching, add an asterisk to the end of your partial query. Example: cert*