User authorization to access OMEGAMON for IMS on z/OS managed systems on the OMEGAMON enhanced 3270 user interface
On all three 3270 interfaces, logon is controlled through the system authorization facility (SAF) interface.
In addition, the OMEGAMON® enhanced 3270 user interface performs SAF checks to verify that users are authorized to view data for specific managed systems or managed system types and are authorized to issue Take Action commands. By default, if no security class is configured, everyone is allowed to log on to the OMEGAMON enhanced 3270 user interface and to view data for any managed system. All Take Action commands are denied.
If a security class name is configured, resource profiles must be defined to control logon, data access, and Take Actions, and users must be given access to those profiles.
To define logon profiles for the OMEGAMON enhanced 3270 user interface, see the OMEGAMON shared documentation, Version 6.3.0 Fix Pack 2 and above.
KIP.msn.tablename
where
- msn
- is the managed system names. The managed system names for OMEGAMON for IMS on z/OS take
the form:
- imsid:smfid:IMS - for an IMS system
- dsgroup:lpar:SQGROUP - for a data sharing group
- sqgroup:lpar:DSGROUP - for a shared queues group
- tablename
- Name of the data source attribute group, or table, that is defined within the product agent
If a matching SAF profile does not exist to protect a query, the query is allowed.
RDEFINE $KOBSEC KIP.** UACC(NONE)
SETROPTS RACLIST($KOBSEC) REFRESH
PERMIT KIP.** ID(userid) ACCESS(READ) CLASS($KOBSEC)
Queries
require permission for READ access.For information about configuring security for the OMEGAMON enhanced 3270 user interface, see the OMEGAMON shared documentation, Version 6.3.0 Fix Pack 2 and above.