Security
Review the following topics for information about the product's security and for recommendations on deploying securely.
SAF roles
You must have the BBM.AMIOI.UI.ACCESS SAF role defined with the following permissions:
Permission | Description |
|---|---|
CONTROL | User has admin authority in the UI |
READ | User is a regular user in the UI |
NONE | User cannot use the UI |
TLS authentication
The product uses TLS authentication for communicating between the following components:
Components | Reference |
|---|---|
(Required) AMI Manager and the user interface | |
(Optional) Tomcat and AMI Manager | |
(Optional) AMI Manager and Docker |
SSL certificates
BMC supplies self-signed certificates with this product for installation verification purposes. You must replace these certificates with a CA certificate or your own self-signed certificate.
- Get SSL certificates:
- For a development environment, follow the instructions in the TLS authentication topics (listed above) for creating self-signed certificates.
- For a production environment, we recommend that you get certificates from an Certificate Authority (CA).
Import the certificates into a PKCS #12 type keystore.
Optional Detailed Analysis
The user ID associated with the data preparation address space must have READ access to your BMC AMI Ops Monitors' data. For more information, see ESM-resource-definitions.