A PureFlex system with Power nodes will be used in an MSP environment where independent companies will each have an IBM i LPAR of their own on a Power compute node. The client companies will want to be able to establish a 5250 Console session for activities like full system backups. We can create a user profile in FSM that will allow them to sign in to the FSM Remote 5250 Console function and using resource groups only allow them to work with their LPAR but it appears if they open a web browser session to the FSM they will be able to look at more things on the system than we would like. Is there a way to restrict FSM users to just use the 5250 Console and nothing else?
As long as the MSP sets/changes their passwords I suppose they could put a firewall filter rule in place to only allow clients to access port 2300 (which is the console function). Do you think this would work?