Using the BBX SAF interface

The BBX SAF security interface provides access to your RACF, CA-TOP SECRET, or CA-ACF2 external security manager (ESM).

Related topic

Protecting-CSMON-and-BMC-AMI-Ops-SYSPROG-Services

The BBX SAF security interface is not part of the 

BMC AMI Ops

 architecture; it is used to secure BMC Software stand-alone products.

Access to your ESM must be achieved through the BBX SAF interface routine.

How the BBX SAF interface works

When you use the BBX SAF security interface to protect either COMMON STORAGE MONITOR functions or 

BMC AMI Ops SYSPROG Services

, the 

BMC AMI Ops Monitor for z/OS

 product uses the following security-checking logic:

  1. OpsM for z/OS determines whether the type of service is List (which lists only system-resource information) or Update (which actually updates a system resource). Refer to BBSRC(ASTXA1SN) to determine which services are List and which services are Update.

    Some services, like the APF system programmer service, have both List and Update functions. For these services, OpsM for z/OS examines the appropriate sub-operands to distinguish between a List request, such as APF (without operands), and an Update request, such as APF ADD.

  2. OpsM for z/OS calls the BBX SAF security interface, which builds a resource name based on parameters in the SYS1.PARMLIB member BBSEC, the service name, and the service function (Update or List).
  3. The ESM—RACF, CA-TOP SECRET, or CA-ACF2—uses its database to determine whether the user is allowed access to the resource.

Important

SYSPROG Services and CSMON use the same security interface, whether running stand-alone or within OpsM for z/OS. Thus, a common set of resource name specifications suffices for all environments.



 

Tip: For faster searching, add an asterisk to the end of your partial query. Example: cert*