Define logon profiles to control access to the interface
Authorization to log on to the enhanced 3270 user interface is controlled by logon profiles. These profiles must be created by a security administrator. If no SAF profile exists to protect an enhanced 3270 user interface instance, logging on to that instance is prevented.
About this task
The enhanced 3270 user interface verifies a user's authority to log on by checking for access to an SAF resource named in the following pattern:
KOB.LOGON.You can define a profile to control all logons to enhanced user interfaces by using the following commands:
RDEFINE $KOBSEC KOB.LOGON.** UACC(NONE)
SETROPTS RACLIST($KOBSEC) REFRESHThe logon prefix can be changed by adding the KOB_SAF_LOGON_RESOURCE_PREFIX parameter to the RKANPARU(KOBENV) member of the runtime environment in which the enhanced 3270 user interface is configured. For example:
KOB_SAF_LOGON_RESOURCE_PREFIX="E3270I.LOGON"changes the resource name pattern for resource profiles used to control logon to the OMEGAMON® enhanced 3270 user interface to
E3270I.LOGONIf you are using Configuration Manager, use the rPlibHilev.rte_name.EMBEDS(KOB$PENV) library imbed file to add the parameter to the RKANPARU(KOBENV) file.
If you are using PARMGEN, modify the WCONFIG(KOB$PENV) imbed file to add the parameter to the KOBENV file.
For both Configuration Manager and PARMGEN, the contents of the KOB$PENV file are dynamically embedded in the KOBENV file. This prevents the parameter from being overwritten when updates or maintenance is applied.
For initial testing of your configuration, the OMEGDEMO value can be used temporarily for the RTE_SECURITY_CLASS value to allow unrestricted logons to the enhanced 3270 user interface. The use of OMEGDEMO should be stopped as soon as you have verified the successful installation, configuration, and data gathering capabilities of the user interface started task.