Enable security for the OMEGAMON enhanced 3270 user interface
Enable security for the OMEGAMON enhanced 3270 user interface by specifying the name of the SAF general resource class (or classes) to use for the runtime environment.
Before you begin
About this task
If the name of the global security class was specified during configuration of the runtime environment, no further configuration of the environment is required. If no security class was specified at the time the RTE was configured, modify the RTE by completing the steps provided in the procedure in this section.
If more granular security definitions are required, you can override the global SAF class for logon, queries, or Take Action commands. You cannot override the RTE_SECURITY_CLASS value for other enhanced user interface activities: for example, controlling auto update and access to particular hubs. You cannot override the SAF resource name prefix used for other enhanced user interface activities; the prefix is always KOBUI.
- KOB_SAF_LOGON_CLASS_NAME
- Specifies a specific security class name that is to be used for interface logon authentication. This parameter defaults to the RTE_SECURITY_CLASS parameter value. This parameter should only be specified if the RTE_SECURITY_CLASS is not being specified or a unique security class name is required for logon authorization.
- KOB_SAF_QUERY_CLASS_NAME
- Specifies a specific security class name that is to be used for authorization of an interface query (data retrieval). This parameter defaults to the RTE_SECURITY_CLASS parameter value. This parameter should only be specified if the RTE_SECURITY_CLASS is not being specified or a unique security class name is required for data retrieval authorization
- KOB_SAF_ACTION_CLASS_NAME
- Specifies a specific security class name that is to be used for Take Action authorization. This parameter defaults to the RTE_SECURITY_CLASS parameter value. This parameter should only be specified if a unique security class name is required for take action authorization.
- KOB_SAF_LOGON_RESOURCE_PREFIX
- Authorization to log on to the enhanced 3270 user interface is
verified by checking for access to a SAF resource named in the following
pattern:
whereKOB.LOGON.
KOB.LOGON.
is the logon resource prefix. This prefix can be changed by setting this parameter to another value.
The enhanced 3270 user interface provides a pseudo security class named OMEGDEMO. This class name is used to implement Demo mode. In Demo mode, no authorization checks are performed. This mode should be used only at the instruction of IBM Support. To activate Demo mode, see Using Demo mode.
Procedure
Choose the steps that apply to your installation, depending on whether you use Configuration Manager or PARMGEN.
What to do next
If no z/OS® UNIX System Services ID has been created for the address space, one must be created.