CA-ACF2 authorization for the BMC AMI Ops user interface started task
CA-ACF2 authorization for BMC AMI Ops User Interface TERMINAL access
CA-ACF2 support of the TERMID parameter in the RACROUTE VERIFY parameter list is managed by standard CA-ACF2 source and source group restrictions.
BMC AMI Ops User Interface passes the four-byte IP address as an eight-character terminal name. To authorize the user's LOGONID for system entry by using BMC AMI Ops User Interface at a specific terminal, that terminal's IP address must appear in a source group whose name is specified by the SOURCE attribute for the LOGONID.
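The following added example (not BMC or CA code) audits a source group's entries against the workstation IP addresses that are supposed to be allowed. It assumes the eight-character terminal name is the four address bytes written as uppercase hexadecimal digits; the function names are hypothetical and the addresses and entry list are constructed sample data.

```python
"""Audit source group entries against the workstation IPs meant to be allowed."""
import ipaddress


def terminal_name(ip: str) -> str:
    """Render an IPv4 address as an eight-character terminal name.

    Assumption: each of the four bytes becomes two uppercase hex digits.
    """
    addr = ipaddress.IPv4Address(ip)  # raises ValueError on malformed input
    return addr.packed.hex().upper()


def terminal_to_ip(name: str) -> str:
    """Decode an eight-character hex terminal name back to dotted-quad form."""
    if len(name) != 8:
        raise ValueError(f"not an eight-character terminal name: {name!r}")
    return str(ipaddress.IPv4Address(bytes.fromhex(name)))


def audit_source_group(allowed_ips, group_entries):
    """Compare intended workstation IPs with the entries in a source group.

    Returns (missing, unexpected):
      missing    - allowed IPs with no matching entry (logon there is refused)
      unexpected - entries that admit an address nobody listed, as
                   (entry, decoded_ip); decoded_ip is None for non-IP names
    """
    wanted = {terminal_name(ip): ip for ip in allowed_ips}
    present = {entry.strip().upper() for entry in group_entries}
    missing = sorted(ip for name, ip in wanted.items() if name not in present)
    unexpected = []
    for name in sorted(present - set(wanted)):
        try:
            unexpected.append((name, terminal_to_ip(name)))
        except ValueError:
            unexpected.append((name, None))
    return missing, unexpected


# Constructed sample data: documentation-range addresses, made-up entries.
ALLOWED = ["192.0.2.10", "192.0.2.11", "198.51.100.7"]
ENTRIES = ["C000020A", "c6336407", "CB007105", "LCL00001"]

if __name__ == "__main__":
    missing, unexpected = audit_source_group(ALLOWED, ENTRIES)
    print("allowed IPs without an entry:", missing)
    print("entries not on the allow list:", unexpected)
```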
Customizing CA-ACF2 authorization for BMC AMI Ops User Interface APPL access
For CA-ACF2 support of BMC AMI Ops User Interface application authorization using the APPL parameter in the RACROUTE VERIFY parameter list, review the following steps and perform any actions that are necessary for your site:
- Define an additional SAFDEF record by using the following statements:
ACF
SET Control(GSO)
INSERT SAFDEF.BBW9IA00 ID(MXPAPPL) MODE(GLOBAL) REP +
RB(BBW9ID00) PROGRAM(BBW9ID00) +
RACROUTE(REQUEST=AUTH,CLASS=APPL)
END
- Issue the following operator command to refresh the SAF definitions in storage:
F ACF2,REFRESH(SAFDEF)
- Determine the generalized resource rule type that SAF resource class APPL has been mapped to, as defined by a CLASMAP GSO record. By default, SAF resource class APPL is mapped to resource type SAF. You can map class APPL to any generalized resource rule type. If you use a rule type other than SAF, you must define an additional CLASMAP GSO record.
- (optional) Add a new CLASMAP GSO record that maps resource class APPL to rule type APL. For example:
ACF
SET Control(GSO)
INSERT CLASMAP.APPL RSRCTYPE(APL) RESOURCE(APPL) +
ENTITYLN(8)
END
Then, issue the following operator command to refresh the external CLASMAP table in storage:
F ACF2,REFRESH(CLASMAP)
- Define a rule for resource MVEXPLOR in type APL and specify READ(ALLOW) for each LOGONID that needs to log on to BMC AMI Ops User Interface:
ACF
SET RESOURCE(APL)
COMPILE * LIST STORE
$KEY(MVEXPLOR) TYPE(APL)
UID(-) PREVENT
UID(mvexplorer-user) ALLOW
END
- If necessary, rebuild the resident CA-ACF2 resource directory for resource type APL by using the following command:
F ACF2,REBUILD(APL)