Define Take Action profiles to control access to data actions
Authorization to transmit Take Action requests from the OMEGAMON® enhanced 3270 user interface to a product agent instance is controlled by a Take Action profile named for the specific Take Action command. Enhanced 3270 user interface Take Action authorization is performed at both the Enhanced 3270 user interface and the Agent. Consequently, security configuration must be performed for both the Enhanced 3270 User interface and the OMEGAMON Agent, for example, the OMEGAMON on z/OS and OMEGAMON for CICS Agents.
Before you begin
About this task
The authority to transmit Take Action commands is verified by checking for access to an SAF resource named in the following pattern:
<Kpp>.<msn>.TAKEACTION- Kpp
- Is the product code of the agent instance. (See Product codes.)
- msn
- Is a managed system name. A managed system name typically identifies a unique Tivoli Enterprise Monitoring Server agent instance. Note that the form of managed system names differs from product to product. Check the agent-specific Configuration and Planning Guide for information about the form used for managed system names.
- TAKEACTION
- Is a literal.
You must create an SAF profile to match the resource. If there is no matching profile for a particular Take Action command, any request to transmit an action to the managed system name is denied. For example, suppose that you wanted to control the ability to issue a Take Action command to an OMEGAMON on z/OS® agent running on Sysplex IBMTEST on Sysplex member TSTA, in an SAF class name $KOBSEC. In this case, you would define a profile named KM5.IBMTEST:TSTA:MVSSYS.TAKEACTION by entering these commands:
RDEFINE $KOBSEC KM5.IBMTEST:TSTA:MVSSYS.TAKEACTION UACC(NONE)
SETROPTS RACLIST($KOBSEC) REFRESHMore generally, you could define a profile to control all Take Action commands for OMEGAMON on z/OS:
RDEFINE $KOBSEC KM5.**.TAKEACTION UACC(NONE)
SETROPTS RACLIST($KOBSEC) REFRESH