Take Action commands fail on SAF authorization
IBM® Z OMEGAMON® AI for Networks adopts a common security model that is used by other products in the OMEGAMON® suite.
KN3A006E RACF AUTHORIZATION ERROR
The newly adopted security model requires that all Take Action commands be validated against the RTE's security class or the product specific override.
If a security class is not specified, Take Action commands will not be permitted under this security model.
After the SMP/E installation, use the Configuration Tool or the PARMGEN tool to specify a SAF security class that is used to implement the new Take Action validation.
- The
RTE_SECURITY_CLASS
parameter, which validates the user identity using the SAF interface. The parameter specifies a valid SAF class name.- You set this parameter in the Configuration Tool using the in the Global SAF class name
field on panel KCIPRTA1 "Add Runtime Environment (1 of 3)." This parameter sets values for
everything running on this RTE when you first create the RTE. To update an existing RTE you need to
set the Global SAF class name field on panel on panel KCIPRTEU
Update Runtime Environment (1 of 3).
- You set this parameter in PARMGEN by specifying a value for the
RTE_SECURITY_CLASS
and completing the PARMGEN configuration.
- You set this parameter in the Configuration Tool using the in the Global SAF class name
field on panel KCIPRTA1 "Add Runtime Environment (1 of 3)." This parameter sets values for
everything running on this RTE when you first create the RTE. To update an existing RTE you need to
set the Global SAF class name field on panel on panel KCIPRTEU
- The
KN3_SECURITY_ACTION_CLASS
parameter can be optionally used to override theRTE_SECURITY_CLASS
value specified for the runtime environment. You can use this parameter to define a separate security class to control command-level security for IBM® Z OMEGAMON® AI for Networks monitoring agent.- You set this parameter in the Configuration Tool using the SAF class name override field
on panel KN341P2
Specify Configuration Parameters (Page 1).
- You set this parameter in PARMGEN by specifying a value for the
KN3_SECURITY_ACTION_CLASS
and completing the PARMGEN configuration.
- You set this parameter in the Configuration Tool using the SAF class name override field
on panel KN341P2
To correct this problem, configure the monitoring agent using with the Configuration Tool or
PARMGEN and the procedures described in the IBM®
Tivoli
IBM® Z OMEGAMON® AI for Networks: Planning and Configuration
Guide. Pay special attention to the Authorize users to access IBM® Z OMEGAMON® AI for Networks managed systems on the enhanced 3270
user interface
section where the instructions for setting up command authorizations are
documented.