search cancel

Top Secret Permit Required To Add/Update CICSPLEX RULES and AGENT Preferences Using Omegamon

book

Article ID: 190076

calendar_today

Updated On:

Products

Top Secret

Issue/Introduction

Is there a generic permit in Top Secret that can be done to allow adding/updating all CICSPLEX RULES and AGENT Preferences using Omegamon (SYO5TOM/CTAOBAP) remote TEMS? This allows data for CICSPLEX to flow to the Hub.

Environment

Release : 16.0

Component : CA Top Secret for z/OS

Resolution

From the IBM Tivoli OMEGAMON for CICS on z/OS, Version 5.1.0 documentation at the following link:

Updating CICSplex rules

*****
Updating CICSplex rules
The resource name that is generated when you update a CICSplex rule is slightly different. The OMEGAMON enhanced 3270 user interface validates your authority to issue a Take Action command against a specific CICS region, however, the agent will validate your authority against the CICSplex name as follows:

KCP.cicsplexname::CICSplex.TAKEACTION.RULES

where 'cicsplexname' is the name of the CICSplex being monitored.

Using generic profiles to define resources
The verification of the resource names allows for the specification of generic profiles. For example:

KCP.smfid.*.TAKEACTION.** ACCESS(READ)

This example enables you to issue Take Action commands against all the CICS regions for a specific LPAR.

Conversely, you could specify:

KCP.*.CICSP*.** ACCESS(READ)

This example, you access to all CICS regions beginning with the letters CICSP on any LPAR. If you want access to all CICS resources you would specify:

KCP.** ACCESS(READ)
*****

The equivalent of KCP.** ACCESS(READ) in Top Secret is:

TSS ADD(dept) resclass(KCP.)    (if not already done)
TSS PERMIT(acid) resclass(KCP.*) ACCESS(READ)

where:
'dept' is the department ACID to own the resource.
'acid' is the user's acid, an attached profile, or the ALL record if all users should have access
'resclass' is the RTE_SECURITY_CLASS parameter defined for the OMEGAMON enhanced 3270 user interface. When this class specified and not set to the reserved name, OMEGDEMO, the OMEGAMON XE for CICS on z/OS agent uses this class to validate a users authority to issue commands.