Sample configurations

Once you have installed BMC AMI Security Breakglass, you must configure projects to provide users access to required system resources, using the BreakglassProject configuration block.

(SPE2107) If you plan to use BMC AMI Security Breakglass across multiple systems, you need to configure the master and agent instances using the BreakglassServer and BreakglassAgent configuration blocks.

BreakglassProject member

project is a group of permissions and parameters that define the type and length of access to provide for user ID pool and self-elevation modes. You can define as many projects as you need. For example, you can have different projects for access to CICS, DB2, and z/OS.

The following example displays the configuration of two Security Breakglass projects.

*********************************************
* Breakglass Settings                       *
*********************************************
BreakglassProject        MVSADMIN
  Description            MVS Administration
  RACFGroup              BGMVS
  RACFProfile            RSM.RSS.BGMVS
  AutoPeriod             09:00 18:00 Weekdays
  AutoPeriod             00:00 23:59 WeekEnds
  AccessRetention        30 Revoke
  MaximumRetention       24 Hours
  SystemList             SYS1 SYS2 SYS3 SYS4
  LocalAuthenticate      RSM.RSS.LOCAL
  Notify                 sysadm@company.com
  ExpiryNotify           TSO REQUESTER
  ExpiryTimer            30 Minutes
  Approver               mfsupport@company.com
EndBreakglassProject

BreakglassProject        MVSUP
  Description            MVS Upgrade
  Mode                   SelfElevation
  ConcurrentMode         True
  ChangeIDPrefix         SELF
  RACFGroup              BGMVSUP
  RACFProfile            RSM.RSS.BGMVSUP
  ConnectGroup           SYSADM
  CommandUserID          Job
  AccessRetention        1440
  Notify                 sysadm@company.com
EndBreakglassProject

BreakglassServer member

(SPE2107)

The following example displays the configuration of the systems in your environment used by the master Security Breakglass instance.

*********************************************
* Breakglass Settings                       *
*********************************************
BreakglassServers
   SYS1 nnn.nnn.nnn.nx nnnn
   SYS2 nnn.nnn.nnn.ny nnnn
   SYS3 nnn.nnn.nnn.nz nnnn
   SYS4 nnn.nnn.nnn.na nnnn
EndBreakglassServers

BreakglassAgent member

(SPE2107)

The following example displays the configuration of an agent Security Breakglass instance.

*********************************************
* Breakglass Settings                       *
*********************************************
BreakglassAgent
   IPAddress nnn.nnn.nnn.nn
   Port nnnn
EndBreakglassAgent

Related topic

Configuring-after-installation

 

Tip: For faster searching, add an asterisk to the end of your partial query. Example: cert*