Creating a Customized Task Role to Allow V7 HMC 5250 Remote Console

Resolving The Problem

This document explains how to create a user task role that allows a user to access the HMC 5250 Console remotely. You can further tailor the access of a user to a group of servers or partitions to limit access to only certain systems, if you desire.

The HMC 5250 console for IBM i5/OS requires additional privileges to ensure correct operation. These privileges are set in the task role creation as shown below.

Creating a custom task role that will have the capability to open a HMC 5250 Console session requires the selection of three components all within the Logical Partition sub-section. They are as follows:

o Connect 5250 VTerm
o Open 5250 VTerm
o Open VTerm

1. To begin creating a customized role, from the HMC select HMC Management – Manage Task and Resource Roles:



2. Select the Task Roles button as highlighted above.

3. Select Edit – Add.

4. Enter a Role Name and select the user to base the role on.

Note: When creating the customized task role and, basing the role using hmcoperator, the user does not have authority to disconnect any other user under the Show Details option on the Remote 5250 Console Partition Selection.

5. Expand the + next to the WUI Permission item in the Available Tasks section of the panel:



6. Expand Logical Partition under Available Tasks. Highlight Connect 5250 Vterm and click Add.

7. Highlight Open 5250 Vterm and click Add.

8. Highlight Open Vterm and click Add.

9. In the Current Tasks area, expand the + next to WUI Permission, and expand Logical Partition as shown in the following example (verify your selections):



10. Click OK to save your new task role. You will now see the new role in the Customize User Controls window:



11. Select Edit – Exit to exit the panel.

Now that the task role has been created, it can be used in a user profile. You can also tailor the user to only access certain servers and partitions, if you wish.

For example, you have three servers managed by the HMC and each server has multiple partitions. You may only want the operator to access just one partition on one server. This can be accomplished by creating a managed resource role.

12. To create a managed resource role, select HMC Management – Manage Task and Resource Roles.

13. Ensure the Managed Resource Roles button is selected, then select Edit – Add.

14. Provide a new name. By default, the Based on field will show AllSystemResources.

15. Expand the + next to the Managed System you want to create the new role for:



16. Select the partition(s) you wish to provide access for, then click on the Add button.

17. Click OK to save your selections.

18. Select Edit – Exit to exit the Customize User Controls panel.

Next, we will create a new user and select the roles we have created.

19. From the HMC Management menu, select Manage User Profiles and Access.

20. To create a new user, select User – Add. (You could also edit an existing user)

21. Provide a name for the user ID, a description, then set the password.

22. Select the Managed Resource Role, and select the Task Role that you created for this user:



23. Click OK to save, then click User – Exit to exit.

To connect to the console using the new user and roles, you should do the following from a remote 5250 session:

1. Connect to the HMC, select the language, and sign on using the new user you created.
2. Select the server.
3. Select the partition you wish to open the console session for.

If you tailored the access to a certain set of servers or partitions, you will see the choices presented to you on the selection screens.

For example, this server has multiple partitions; however, the customized managed resource role selected for this user allows access to only one partition on this server. The screen will show only the allowed resources:


Notes:

1. This document applies to V7 HMC code. Task role creation for V6 of HMC code is different. For information on creating a task role with V6, refer to document N1019036, Version 6: Creating a HMC 5250 Console Task Role.
2. If the HMC is being upgraded to V7 from V6 of HMC code, task roles created to provided 5250 capability will need to be re-created; they will not migrate or update between these two versions of HMC code.