Administering

Resident Security Server (RSS) provides the core server functionality on which other BMC AMI Security products are supported. RSS requires profiles in an external security manager (ESM) to control who may log in, while the BMC AMI Security products normally require additional ESM profiles to control their own specific access criteria.

ESM profiles for RSS

The following profiles control access to RSS and the initial menu selection available. The profiles by default must be defined in the FACILITY class or the class defined in the RSS configuration parameters.

The following table shows RACF profiles. If you are using CA Top Secret or CA ACF2, define similar profiles:

Parameter	Description
RSM.RSS.LOGIN	READ Access Required for all users who are authorized to log in to RSS.
RSM.RSS.AUDITLOG	READ Access Required for all users who are authorized to search, view and download the RSS Audit Log.
RSM.RSS.TOOLS	READ Access Required for all users who are authorized to use the RSS tools. These allow users to issue RSS commands and drive RSS Rexx from the browser.
RSM.RSS.BATCH	READ Access Required for all users who are authorized to submit batch jobs to interface with RSS.
RSM.RSS.ADMIN	READ Access Required for all users who are authorized to use BMC AMI Security Administrator to administer RACF users and groups. Further RACF profiles are used by Security Administrator to limit specific functions.
RSM.RSS.SPM (before SPE2107) RSM.RSS.ZDETECT	READ Access Required for all users who are authorized to use BMC AMI Security Policy Manager.
RSM.RSS.BGLASS	READ Access Required for all users who are authorized to access BMC AMI Security Privileged Access Manager. Further RACF profiles are used by Security PAM to limit/control Security PAM functions.

You can also configure profiles for the BMC AMI Security product or products that you have installed:

Administering

ESM profiles for RSS

On this page