EXECs (FEATURE=EXEC)
Before you can implement MainView AutoOPERATOR advanced security for EXECs, you must secure the ability to create, schedule, edit, and test EXECs by EXEC name.
The resource name is prefix.ssid.AAO.target.EXEC (as described in Resources).
By choosing the EXEC feature of MainView AutoOPERATOR advanced security, you are choosing to secure a user's ability to schedule EXECs by EXEC name from the COMMAND line during a user’s terminal session.
The resource name is prefix.ssid.AAO.target.EXEC.execname.
With this resource, you are also securing a user’s ability to access the EXEC from within the EXEC Manager application, which limits:
- Selecting a specific EXEC for testing
- Scheduling a specific EXEC
- Browsing a specific EXEC
- Disabling a specific EXEC
- Scheduling an EXEC from a cell
When securing EXECs, note that the actions scheduled within the EXEC are generally not secured. For example, you might prevent a specific user from issuing MVS commands. However, if you allow that user to access an EXEC that issues an MVS command, both the EXEC and the MVS command are allowed to run to completion.
However, there are exceptions to this rule about actions within EXECs:
- If you secure the ability to access CICS services through the BBI-SS PAS (as described in MainView for CICS and MainView AutoOPERATOR for CICS): Some CICS action services have IMFEXEC CICS statements for the MainView AutoOPERATOR for CICS option. Those IMFEXEC CICS statements can be secured and, if they are, the restrictions are valid in an EXEC that uses those statements.
- If you secure MainView SYSPROG Services: You can invoke MainView SYSPROG Services in an EXEC with an IMFEXEC RES statement. If the service is secured, the restrictions are valid in an EXEC that uses those statements.
- If you issue MainView API commands within an EXEC: IMFEXEC MainView commands require READ access to the following resources: TERMINAL(VBAPI) and PROGRAM(BBM0IA10). If access to these resources is not available, the IMFEXEC command fails with an IMFCC code of 8.
For a list of CLISTs that you can use to identify resources for EXEC-level security, see MainView AutoOPERATOR security CLISTs.
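The caveat that actions scheduled within an EXEC are generally not secured means that granting access to an EXEC also delegates whatever that EXEC does. The following audit sketch is an added example, not BMC code: it flags users who can reach an action through an EXEC that they cannot issue directly. The prefix, ssid, and target values, the `MVSCMD` resource name, the permit list, and the EXEC inventory are all constructed assumptions, and the wildcard matching is a simplification of how a security manager resolves generic profiles. It does not model the CICS, SYSPROG, and MainView API exceptions listed above.

```python
from fnmatch import fnmatchcase

# Constructed placeholder for prefix.ssid.AAO.target (not real site values).
BASE = "PFX.SSID.AAO.TGT"

# Constructed permit list: (user, resource profile). A trailing "*" is matched
# fnmatch-style, which only approximates real generic-profile matching.
PERMITS = [
    ("OPER1", f"{BASE}.EXEC.RESTART*"),
    ("OPER2", f"{BASE}.EXEC.*"),
    ("SYSP1", f"{BASE}.EXEC.*"),
    ("SYSP1", f"{BASE}.MVSCMD"),  # hypothetical resource name for MVS commands
]

# Constructed inventory: EXEC name -> kinds of unsecured actions it issues.
EXEC_ACTIONS = {
    "RESTARTA": {"MVSCMD"},
    "STATUSRP": set(),
    "PURGEJOB": {"MVSCMD"},
}


def permitted(user, resource):
    """True if any profile permitted to `user` covers `resource`."""
    return any(u == user and fnmatchcase(resource, p) for u, p in PERMITS)


def indirect_grants(user):
    """List (EXEC, action) pairs the user can run only by way of an EXEC."""
    findings = []
    for name, actions in sorted(EXEC_ACTIONS.items()):
        if not permitted(user, f"{BASE}.EXEC.{name}"):
            continue  # user cannot schedule this EXEC at all
        for action in sorted(actions):
            if not permitted(user, f"{BASE}.{action}"):
                findings.append((name, action))
    return findings


if __name__ == "__main__":
    for user in ("OPER1", "OPER2", "SYSP1"):
        print(user, indirect_grants(user))
```

Each finding is an EXEC whose contents should be reviewed before the user's access to it is kept, because the EXEC-level resource is the only control on that action.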