Is there a generic permit in Top Secret that can be done to allow adding/updating all CICSPLEX RULES and AGENT Preferences using Omegamon (SYO5TOM/CTAOBAP) remote TEMS? This allows data for CICSPLEX to flow to the Hub.
Release : 16.0
Component : CA Top Secret for z/OS
From the IBM Tivoli OMEGAMON for CICS on z/OS, Version 5.1.0 documentation:
*****
Updating CICSplex rules
The resource name that is generated when you update a CICSplex rule is slightly different. The OMEGAMON enhanced 3270 user interface validates your authority to issue a Take Action command against a specific CICS region, however, the agent will validate your authority against the CICSplex name as follows:
KCP.cicsplexname::CICSplex.TAKEACTION.RULES
where 'cicsplexname' is the name of the CICSplex being monitored.
Using generic profiles to define resources
The verification of the resource names allows for the specification of generic profiles. For example:
KCP.smfid.*.TAKEACTION.** ACCESS(READ)
This example enables you to issue Take Action commands against all the CICS regions for a specific LPAR.
Conversely, you could specify:
KCP.*.CICSP*.** ACCESS(READ)
This example, you access to all CICS regions beginning with the letters CICSP on any LPAR. If you want access to all CICS resources you would specify:
KCP.** ACCESS(READ)
*****
The equivalent of KCP.** ACCESS(READ) in Top Secret is:
TSS ADD(dept) resclass(KCP.) (if not already done)
TSS PERMIT(acid) resclass(KCP.*) ACCESS(READ)
where:
'dept' is the department ACID to own the resource.
'acid' is the user's acid, an attached profile, or the ALL record if all users should have access
'resclass' is the RTE_SECURITY_CLASS parameter defined for the OMEGAMON enhanced 3270 user interface. When this class specified and not set to the reserved name, OMEGDEMO, the OMEGAMON XE for CICS on z/OS agent uses this class to validate a users authority to issue commands.