114 IBM Session Manager Implementation
Table 4-1 Supplied OLA security classes
4.4.1 OLA security settings
An OLA class definition is a collection of menu items permissions and parameter
use settings that each have an associated OLA security setting. These
specialized security settings are used to define what the user is allowed to do. An
OLA security setting may optionally be qualified by a value to limit its scope and
the value may optionally contain masking characters. Table 4-2 is a list of the
allowed OLA security settings.
Table 4-2 OLA security settings
Class Category Task access
IM Implementor This is the highest level. All OLA tasks are
allowed.
BT Batch
Administrator
Reserved for batch OLA administration. Same
access as IM.
AD Administrator Access is allowed to all OLA tasks except those
that can change OLA security settings.
LA Local
Administrator
Access is allowed to all OLA tasks except
those that can change OLA security settings or
system settings.
SU Super User Access is allowed to tasks associated with My
USER Definition settings. Access to other
areas of OLA is not allowed. Also the user
cannot change her OLACLASS or AUTH.
US User Access is allowed for modifying the common
enduser parameters Backward, Cut, Escape,
Forward, HC Request, Paste, Previous, Push,
and Pull. Access to other areas of OLA is not
allowed.
NO No Access No access is allowed to any area of OLA. This
is the default if OLACLASS is not specified on
any configuration setting.
OLA security
setting
Description
ALL No restriction. In this case, the settings DISPLAY, CREATE,
MODIFY, and DELETE are implied.
DISPLAY Indicates that a menu or parameter can be displayed.
Chapter 4. Administrator tasks 115
The OLA security settings are processed one at a time to determine whether the
required task can be performed. Where there is a conflict, an OLA security
setting processed later overrides one processed earlier. An OLA security setting
of NONE disallows all access, even if allowed by an earlier setting.
The possibility exists that the supplied security classes do not provide the OLA
task access pattern an installation requires. This section shows how to address
that need by describing how to create a custom security class.
For this exercise, an OLA security class with permissions that lie between user
(US) and super user (SU) will be created. The new OLA security class will be
called CU for common user.
The rational for CU is to provide an OLA security class that will allow a user a
limited degree of self-administration by allowing him to manipulate his own
session list but restrict his ability to change other settings.
In order to create a new OLA security class, you must have an OLA security
class of IM or Implementor.
1. Select the OLA session from the Session Manager menu screen. This will
present the OLA Main Menu screen. See Figure 4-8 on page 116.
CREATE
NOCREATE
Controls whether a new entry can be created.
MODIFY
NOMODIFY
Controls whether an entry or parameter value can be modified.
DELETE
NODELETE
Controls whether an entry or parameter value can be deleted.
NONE Full restriction.
Note: DISPLAY is implied by CREATE, MODIFY, DELETE, or ALL.
OLA security settings are not validated in OLA, so care must be taken when
specifying their values.
OLA security
setting
Description
116 IBM Session Manager Implementation
Figure 4-8 OLA Main Menu screen
2. Select Security definitions from the OLA main menu screen. This will
present the Security Definition screen, Figure 4-9 on page 117, which has
selections for manipulating security class entries.
Session Manager - Admin Main Menu 14/09/2004 12:26:00
TN32 092AABB6 SM02
My USER definition
PROFILE definitions
Local USER definitions
Remote USER definitions
APPL definitions
TERMINAL definitions
GROUP definitions
HCOPY definitions
SYSTEM definitions
Security definitions
View Activate messages
Command ===>
Available options: S - Select (default)
Pfk1 Help 2 3 Quit 4 Act msgs 5 6
Pfk7 Backward 8 Forward 9 10 11 12
Chapter 4. Administrator tasks 117
Figure 4-9 Security Definition panel
3. Select Add new entry on the Security Definition screen. This will present the
Add Security Class screen, Figure 4-10 on page 118. Enter the name of the
new security class next to Name of entry on the Add Security Class screen.
For this demonstration the name is CU.
Session Manager - Admin Security Definition 14/09/2004 14:35:13
TN32 092AABB6 SM02
List entries
Add new entry
Copy existing entry
Edit existing entry
Rename existing entry
Delete existing entry
Command ===>
Available options: S - Select (default)
Pfk1 Help 2 3 Quit 4 Act msgs 5 6
Pfk7 Backward 8 Forward 9 10 11 12 Save
Get IBM Session Manager Implementation now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
