Using the BBX SAF interface


The BBX SAF security interface provides access to your RACF, CA-TOP SECRET, or CA-ACF2 external security manager (ESM).

The BBX SAF security interface is not part of the MainView architecture; it is used to secure BMC Software stand-alone products.

Access to your ESM must be achieved through the BBX SAF interface routine.

How the BBX SAF interface works

When you use the BBX SAF security interface to protect either COMMON STORAGE MONITOR functions or SYSPROG services, the MainView for z/OS product uses the following security-checking logic:

  1. MainView for z/OS determines whether the type of service is List (which lists only system-resource information) or Update (which actually updates a system resource). Refer to BBSRC(ASTXA1SN) to determine which services are List and which services are Update.

    Some services, like the APF system programmer service, have both List and Update functions. For these services, MainView for z/OS examines the appropriate sub-operands to distinguish between a List request, such as APF (without operands), and an Update request, such as APF ADD.

  2. MainView for z/OS calls the BBX SAF security interface, which builds a resource name based on parameters in the SYS1.PARMLIB member BBSEC, the service name, and the service function (Update or List).
  3. The ESM—RACF, CA-TOP SECRET, or CA-ACF2—uses its database to determine whether the user is allowed access to the resource.

Note

SYSPROG and CSMON use the same security interface, whether running stand-alone or within MainView for z/OS. Thus, a common set of resource name specifications suffices for all environments.




 

Tip: For faster searching, add an asterisk to the end of your partial query. Example: cert*