Creating ESM resources

The product uses external security managers (ESM) generic resource profiles to control the following access points:

  • Browser interface
  • Access to the product
  • Specific functions

Creating ESM profiles

As a system programmer or security administrator, you define the class in which the profiles are defined during configuration. By default, they are defined in the FACILITY class.

The required profiles depend on which features of the product are in use, but at a minimum, all users who have access to the browser-based applications of the product must have READ access to RSM.RSS.LOGIN. The remaining profiles required for each feature are described in detail in ACF2-RACF-and-Top-Secret-Profiles.

During installation, if you add the product ESM resources to a class other than FACILITY, specify it in the ClassName parameter in configuration member.

Creating ESM user IDs

BMC AMI Security Self Service Password Reset requires an ESM user ID to reset a user's password.

For RACF, create a user ID in one of the following ways:

  • Set the SSPR STC user ID to have RACF authority to RESET passwords

  • Define a dedicated user ID with RACF authority to RESET passwords and specify the RACFAdminUser in the BMC AMI Resident Security Server global configuration parameters. For more information, see Global configuration parameters.

Where to go from here

After creating ESM resources, review the product configuration.

Related topic

Installation-overview


 

Tip: For faster searching, add an asterisk to the end of your partial query. Example: cert*