Authorizing the applications
This topic describes the steps of authorizing applications to use the real-time NMI.
Procedure
Perform the following steps to authorize applications to use the real-time NMI:
- Define the security product resource profiles. An optional resource name is supported for each real-time interface to restrict access to the interfaces. The resource name has the format EZB.NETMGMT.sysname.tcpprocname.interface, where:
- sysname is the MVS™ system name where the interface is enabled.
- tcpprocname is the job name that is associated with the TCP/IP stack where the interface is enabled.
- interface is the real-time interface name. It can be SYSTCPDA, SYSTCPCN, SYSTCPOT, SYSTCPSM, SYSTCPER, or SYSTCPES.
- Permit the user IDs of the applications to access the real-time
NMI resources.
After the resource profiles are defined, the user ID that is associated with the network management application must be permitted for READ access to the resources.
Guideline: The user ID that is referenced for access to the resources is the user ID that is associated with the MVS address space from which the connect() function call or the TMI copy buffer interface invocation was issued. If you are developing a feature for a product to be used by other parties, you should include in your documentation instructions indicating that administrators should define the real-time interface resource profiles for the real-time interfaces and permit the user ID of the application for READ access to the profile. - Review the authorization verification performed by the
real-time NMI.
The authorization verification for the application is different when an application connects to the real-time interface and when it invokes the TMI copy buffer interface. You should review the verification to ensure that your application will be authorized. See Verifying authorization for applications that connect to the real-time interface and Verifying authorization for applications that invoke the TMI copy buffer interface for more information.