Prefixed Take Action commands

OMEGAMON® for IMS on z/OS® uses Take Action commands to issue commands to IMS from the OMEGAMON enhanced 3270 user interface.

Take Action commands, which are prefixed by IP, are known as agent commands. Security for OMEGAMON for IMS on z/OS Take Action commands is based on SAF security classes and resource profile names. If no resource profiles are created to control Take Action commands, all commands are denied.

The OMEGAMON enhanced 3270 user interface validates the resource profile to determine whether users are authorized to issue the Take Action commands. To allow Take Action commands on all managed systems, use the following profile:
KIP.**.TAKEACTION

You can use this profile to issue the Take Action command to the agent from the OMEGAMON enhanced 3270 user interface. The agent uses the security profile that is used by the IMS system to issue the specific IMS command.

For example, to issue OMEGAMON for IMS on z/OS Take Actions commands on all managed systems that use an SAF class name of $KOBSEC, issue the following RACF® commands:
RDEFINE $KOBSEC KIP.**.TAKEACTION UACC(NONE)
SETROPTS RACLIST($KOBSEC) REFRESH
PERMIT KIP.**.TAKEACTION ID(userid) ACCESS(UPDATE) CLASS($KOBSEC)

At a minimum, you must use this pattern for the global security class (RTE_SECURITY_CLASS) to create a profile. You must also set permissions to authorize users to issue OMEGAMON for IMS on z/OS Take Action commands to update the profile. When you specify the RTE_SECURITY_CLASS parameter (RKANPARU member KOBENV) and it is not set to the reserved name, OMEGDEMO, the OMEGAMON for IMS on z/OS agent uses this class to validate the authority of a user to issue commands. You can also create other profiles for more granular access control.

While the previous profile of KIP.**.TAKEACTION allows IMS commands to be issued for all managed systems, you can also create other profiles for more granular access and control. Use the following profile:
KIP.msn.TAKEACTION
where msn is the name of the managed system and uses this format for an IMS system: imsid:smfid:IMS. The imsid is the four-character ID of the IMS system. The smfid is the four-character System Management Facility ID.
To control the ability to issue Take Action commands to an OMEGAMON for IMS on z/OS agent that is running on LPAR MVS1 for IMSA, for example, use the following profile:
KIP.IMSA:MVS1:IMS.TAKEACTION

Users must be given UPDATE access to the profiles. In addition, an SAF Pass Ticket profile must be defined to allow the OMEGAMON enhanced 3270 user interface to authenticate between the interface and the hub monitoring server. For more information about security, see the OMEGAMON shared documentation, Version 6.3.0 Fix Pack 2 and above. For information about common parameters, see Common parameters in the Reference section of OMEGAMON shared documentation, Version 6.3.0 Fix Pack 2 and above.