TEMS REST services authorization
TEMS REST services uses the system authorization facility (SAF) interface for user authorization.
Authorization determines what data and functions a user has access to. To retrieve or manipulate OMEGAMON® data using TEMS REST services, the user must have authorization to access the OMEGAMON data or to perform a specific activity, such as starting or stopping a situation or executing a Take Action. You can control access by defining SAF resource profiles that are unique to TEMS REST services.
The following list provides details about using the SAF interface for authorizing the use of TEMS
REST services:
- TEMS REST services uses the SAF interface in a similar manner as the OMEGAMON enhanced 3270 user interface (enhanced 3270UI). If you use $KOBSEC as the SAF general resource class for your enhanced 3270UI security, you can use some of the same authorizations that have been defined for the enhanced 3270UI for TEMS REST services. For information about how the enhanced 3270UI implements authorizations, see Enable security for the OMEGAMON enhanced 3270 user interface.
- TEMS REST services requires a SAF general resource class named $KOBSEC. If
resource class $KOBSEC does not exist, it must be defined. For more
information, see Define a SAF general resource class for securing access to OMEGAMON resources.Important: Although TEMS REST services uses the SAF interface in a similar manner as the enhanced 3270UI, the SAF general resource class name is a notable difference. For the enhanced 3270UI, the SAF general resource class name is customizable and specified in parameter RTE_SECURITY_CLASS. For TEMS REST services, the class name must be $KOBSEC.
- TEMS REST services uses parameter RTE_SECURITY_USER_LOGON to determine which security system is used to
for validation. You must set parameter KDS_TEMS_SECURITY_KDS_VALIDATE to
Yto enable validation. - You can restrict access to some TEMS REST services by defining SAF resource profiles that are
unique to TEMS REST services. For more information, see the following sections about creating SAF
profiles for TEMS REST services.Note: TEMS REST services also supports the user ID mapping capability. For more information, see Setting up the user ID mapping capability.