Sample configurations

Once you have installed BMC AMI Security Privileged Access Manager, you must configure projects to provide users access to required system resources, using the PAMProject configuration block.

Related topic

Configuring-after-installation

If you plan to use BMC AMI Security Privileged Access Manager across multiple systems, you need to configure the master and agent instances using the PAMServers and PAMAgent configuration blocks.

PAMProject member

project is a group of permissions and parameters that define the type and length of access to provide for user ID pool and self-elevation modes. You can define as many projects as you need. For example, you can have different projects for access to CICS, DB2, and z/OS.

The following example displays the configuration of two PAM projects.

*********************************************
* PAM Settings                              *
*********************************************
PAMProject               MVSADMIN
  Description            MVS Administration
  RACFGroup              PAMVS
  ESMProfile             RSM.RSS.PAMVS
  AutoPeriod             09:00 18:00 Weekdays
  AutoPeriod             00:00 23:59 WeekEnds
  AccessRetention        30 Revoke
  MaximumRetention       24 Hours
  SystemList             SYS1 SYS2 SYS3 SYS4
  LocalAuthenticate      RSM.RSS.LOCAL
  Notify                 sysadm@company.com
  ExpiryNotify           TSO REQUESTER
  ExpiryTimer            30 Minutes
  Approver               mfsupport@company.com
EndPAMProject

PAMProject               MVSUP
  Description            MVS Upgrade
  Mode                   SelfElevation
  ConcurrentMode         True
  ChangeIDPrefix         SELF
  RACFGroup              PAMVSUP
  RACFProfile            RSM.RSS.PAMVSUP
  ConnectGroup           SYSADM
  CommandUserID          Job
  AccessRetention        1440
  Notify                 sysadm@company.com
EndPAMProject

The following example displays the configuration of a PAM project with TSS configuration.

*********************************************
* PAM Settings                              *
*********************************************
PAMProject          TSSProject                         
  Description       TSS Config                   
  Mode              UserPool                                            
  TSSProfile        TPROF1                 
  ESMProfile        RSM.RSS.TSSP1           
  AccessRetention   5 Minutes                           
  AutoPeriod        00:00 23:59 Weekends   
EndPAMProject

The following example displays the configuration of a PAM project with ACF2 configuration.

*********************************************
* PAM Settings                              *
*********************************************
PAMProject          ACFProject         
  Description       ACF2 Config                 
  Mode              UserPool             
  ACF2Mask          TXT**                
  ESMProfile        RSM.RSS.ACFP1        
  AccessRetention   5 Minutes             
  AutoPeriod        00:00 23:59 Weekends
EndPAMProject

PAMServers member

The following example displays the configuration of the systems in your environment used by the master PAM instance.

*********************************************
* PAM Settings                              *
*********************************************
PAMServers
   SYS1 nnn.nnn.nnn.nx nnnn
   SYS2 nnn.nnn.nnn.ny nnnn
   SYS3 nnn.nnn.nnn.nz nnnn
   SYS4 nnn.nnn.nnn.na nnnn
EndPAMServers

PAMAgent member

The following example displays the configuration of an agent PAM instance.

*********************************************
* PAM Settings                              *
*********************************************
PAMAgent
   IPAddress nnn.nnn.nnn.nn
   Port nnnn
EndPAMAgent

 

Tip: For faster searching, add an asterisk to the end of your partial query. Example: cert*