Controlling Access to OMEGAMON Monitors

OMEGAMON provides both product-level security and command-level security:
  • Product-level security is applied when users log on to OMEGAMON.
  • Command-level security is applied when users issue commands.

A generic SA z/OS user ID must be defined to SAF for external product-level security, or to OMEGAMON for internal product-level security.

For commands that are protected only by internal security, command locking must be enabled for this user ID, based on the command authority level that SA z/OS needs. For example, if only level 0 and level 1 commands are issued from SA z/OS, an INITIAL1 rule must be defined and permission must be granted to the generic user, and at the same time there must be no INITIAL␢ rule. In the absence of INITIALn rules, the command authority level for SA z/OS is always 0. For further details, see the OMEGAMON documentation.

For commands protected by external security, appropriate command resource profiles must be created and permission must be granted to the generic user.

Note that even though the SA z/OS generic user has the potential to issue any level n command, you can use NetView command security to define selectively, on an operator-by-operator or group-by-group basis, which operator or group can issue a particular command.