Troubleshooting
Problem
Resolving The Problem
Use the SETUSRBRM (Set User Usage for BRM) command as a starting point to grant system operators and administrators access to BRMS functions and components, then use the functional usage model to customize access by user.
If you select the *ADMIN value, the user named in the User field has use and change access to all the BRMS functions and functional components.
If you select the *OPERATOR value, the user named in the User field has use of the following BRMS functions:
- Basic backup activities: QIBM_Q1A_BKU
- Basic media activities: QIBM_Q1A_MED
- Basic movement activities: QIBM_Q1A_MOV
- Basic recovery activities: QIBM_Q1A_RCY
- Basic archive activities (when Advanced feature is installed): QIBM_Q1A_ARC
- Basic retrieval activities (when Advanced feature is installed): QIBM_Q1A_RTV
- Basic migration activities (when Advanced feature is installed): QIBM_Q1A_MGR
However, this user is removed access to the function components. This provides a basic set of functions to which you can grant additional function and functional component authority.
Notes:
| 1 |
*SECADM authority is required to use SETUSRBRM.
|
| 2 |
5770-BR2 7.4, 5770-BR2 7.5, and 5770-BR1 7.5 ship with a functional usage of *DENIED.
This has changed from previous versions that shipped BRMS with functional usage of *ALLOWED. |
| 3 | You can use the DSPLOGBRM *SEC command to review the security log messages. |
| 4 | Menu options should not display if the user does not have the functional authority. |
|
5
|
SETUSRBRM not only sets the first time, but resets if it is called again for the same user after "tailoring" has occurred.
|
| 6 | When new items which are registered with functional usage are added into BRMS (for example, new media classes, media policies, control groups, etc.), the default usage of these new items are not generated automatically based on current user access. BRMS registers each of the new items with the default usage level that you specified in the system policy (Default usage field). |
DSPFCNUSG FCNID(QIBM_Q1A*)
WRKFCNUSG FCNID(QIBM_Q1A*)
For example:
CHGFCNUSG FCNID(QIBM_Q1A_MED_CLS_CLASS1) USER(USER1) USAGE(*DENIED)
With the above command we are restricting user USER1 to display or change media class CLASS1, but starting a backup of a control group using the media class CLASS1 is allowed.
Security options:
1. In the backup area, the following usage levels are available:
Basic Backup Activities (QIBM_Q1A_BKU)
This is the basic level of backup usage. Those with Basic Backup Activities access can use and view the backup policy, control groups, and lists. Use access also allows these users to process backups by using control groups (through the STRBKUBRM command) or by libraries, objects, or folders (SAVLIBBRM, SAVOBJBRM, or SAVFLRLBRM). A user without access to basic backup activities cannot see backup menu options or command parameter options.
Backup Policy (QIBM_Q1A_BKU_PCY)
Users with access to the backup policy can change the backup policy, in addition to using and viewing it. Users without access to the backup policy cannot change it.
Backup Control Groups (QIBM_Q1A_BKU_CTLG-*)
Users with access to backup control groups can change specific control groups, in addition to using and viewing them. You can grant a user access to any number of specific control groups. Users without access to the backup control groups cannot change them.
Backup Lists (QIBM_Q1A_BKU_LIST-*)
Users with access to backup lists can change specific backup lists, in addition to using and viewing them. You can grant a user access to any number of specific backup lists. Users without access to a backup list cannot change it.
2. In the recovery area, the following usage levels are available:
Basic Recovery Activities (QIBM_Q1A_RCY)
This is the basic level of recovery usage. Users with basic recovery activities access can use and view the recovery policy. In addition, they can also use the WRKMEDIBRM command to process basic recoveries, and the RSTOBJBRM and RSTLIBBRM commands to perform individual restores. Users without access to basic recovery activities cannot see recovery menu options or command parameter options.
Recovery Policy (QIBM_Q1A_RCY_PCY)
Users with access to the recovery policy can change the recovery policy, in addition to using and viewing it. Users without access to the recovery policy cannot change it.
3. In the area of media management, the following usage levels are available:
Basic Media Activities (QIBM_Q1A_MED)
This is the basic usage level for this function. Users with access to basic media activities can perform basic media-related tasks such as using and adding media to BRMS. Users with this access can also use and view, but not change, media policies, and media classes. Users without access to basic media activities cannot see related menu options or command parameter options.
Advanced Media Activities (QIBM_Q1A_MED_ADV)
Users with access to the advanced media activities can perform media tasks such as expiring, removing, and initializing media.
Media Policies (QIBM_Q1A_MED_PCY_*)
Users with access to the media policies can change specific media policies, in addition to using and viewing them. You can grant a user access to any number of media policies. Users without access to a media policy cannot change it.
Media Classes (QIBM_Q1A_MED_CLS_*)
Users with access to the media classes can change specific media classes, in addition to using and viewing them. You can grant a user access to any number of media classes. Users without access to a media class cannot change it.
Media Information (QIBM_Q1A_MED_INF)
Users with Media Information access can change media information from the Work with Media Information (WRKMEDIBRM) displays.
Basic Movement Activities (QIBM_Q1A_MOV)
Users with access to basic movement activities can manually process or display MOVMEDBRM commands but cannot change them.
Move Verification (QIBM_Q1A_MOV_VFY)
Users with access to move verification can perform move verification tasks.
Move Policies (QIBM_Q1A_MOV_PCY_*)
Users with access to move policies can change specific move policies, in addition to using and viewing them. You can grant a user access to any number of move policies. Users without access to a move policy cannot change it.
4. In the system area, the following usage options are available:
Basic System Activities (QIBM_Q1A_SYS)
Users with basic system-related activities can use and view device displays and commands. They can also view and display auxiliary storage pool (ASP) information and commands. Users with this access level can also use and view the system policy.
Devices (QIBM_Q1A_SYS_DEV)
Users with device access can change device-related information. Users without this access are unable to change device information.
Auxiliary Storage Pools (QIBM_Q1A_SYS_ASP)
Users with access to ASP information can change information about BRMS ASP management.
Maintenance (QIBM_Q1A_SYS_MNT)
Users with maintenance access can schedule and run maintenance operations.
System Policy (QIBM_Q1A_SYS_PCY)
Users with access to the system policy can change system policy parameters.
Initialize BRM (QIBM_Q1A_INZBRM)
Users with this access can use the INZBRM command.
Enterprise (QIBM_Q1A_ENT)
Users with this access can monitor backup operations for their BRMS systems from a central site.
Historical Number
442844686
Was this topic helpful?
Document Information
Modified date:
07 January 2025
UID
nas8N1014505