User authorization to access OMEGAMON for IMS on z/OS managed systems on the OMEGAMON enhanced 3270 user interface

On all three 3270 interfaces, logon is controlled through the system authorization facility (SAF) interface.

In addition, the OMEGAMON® enhanced 3270 user interface performs SAF checks to verify that users are authorized to view data for specific managed systems or managed system types and are authorized to issue Take Action commands. By default, if no security class is configured, everyone is allowed to log on to the OMEGAMON enhanced 3270 user interface and to view data for any managed system. All Take Action commands are denied.

If a security class name is configured, resource profiles must be defined to control logon, data access, and Take Actions, and users must be given access to those profiles.

To define logon profiles for the OMEGAMON enhanced 3270 user interface, see the OMEGAMON shared documentation, Version 6.3.0 Fix Pack 2 and above.

To define profiles that control access to specific OMEGAMON for IMS on z/OS® managed systems, specify an SAF resource name as:
KIP.msn.tablename 
where
msn
is the managed system names. The managed system names for OMEGAMON for IMS on z/OS take the form:
  • imsid:smfid:IMS - for an IMS system
  • dsgroup:lpar:SQGROUP - for a data sharing group
  • sqgroup:lpar:DSGROUP - for a shared queues group
tablename
Name of the data source attribute group, or table, that is defined within the product agent

If a matching SAF profile does not exist to protect a query, the query is allowed.

For example, to define a profile to control all data queries for a specific product from the OMEGAMON enhanced 3270 user interface by using a SAF class name of $KOBSEC, issue the following RACF® commands:
RDEFINE $KOBSEC KIP.** UACC(NONE)
SETROPTS RACLIST($KOBSEC) REFRESH
PERMIT KIP.** ID(userid) ACCESS(READ) CLASS($KOBSEC)
Queries require permission for READ access.

For information about configuring security for the OMEGAMON enhanced 3270 user interface, see the OMEGAMON shared documentation, Version 6.3.0 Fix Pack 2 and above.