RACF authorization for the BMC AMI Ops user interface started task
RACF authorization for BMC AMI Ops User Interface TERMINAL access
BMC AMI Ops User Interface passes the four-byte IP address as an eight-character terminal name.
You must enter the system from an IP address that is contained in a particular network access security zone by specifying the name of the SERVAUTH profile protecting that network access security zone, on the WHEN(SERVAUTH(...)) operand of the PERMIT command.
Customizing RACF authorization for BMC AMI Ops User Interface APPL access
For RACF support of BMC AMI Ops User Interface application access authorization through the APPL parameter in the RACROUTE VERIFY parameter list, review the following steps and perform any actions that are necessary for your site:
Define the profile MVEXPLOR in class APPL to RACF by using the following statement:
RDEFINE APPL (MVEXPLOR) UACC(NONE)For each user ID that needs to log on to BMC AMI Ops User Interface grant READ access to the MVEXPLOR resource in class APPL by using the following statement:
PERMIT MVEXPLOR CLASS(APPL) ID(userID) ACCESS(READ)- Review the security profiles to ensure that the access list is correct and complete. Use the following command to list the profiles:RLIST APPL MVEXPLOR ALL
- If necessary, activate the APPL resource class by using the following command:SETROPTS CLASSACT(APPL)
- If necessary, refresh the in-storage RACLIST profiles for the APPL class by using the following command:SETROPTS REFRESH RACLIST(APPL)