SNA Network Management Interface Security Requirements

The security requirements for the SNA Network Management Interface are:

The user ID assigned to the VTAM address space must have an OMVS segment defined and have write access to the /var directory.
If you use a SERVAUTH class SAF resource to control access to the VTAM SNAMGMT server, the user ID assigned to the SOLVE SSI address space must be permitted access to the resource. The resource name is IST.NETMGMT.sysname.SNAMGMT, where sysname is the system name where the interface is used.

Access problems to /var and IST.NETMGMT.sysname.SNAMGMT are indicated by the presence of messages NSN58n in the SOLVE SSI log.

Examples: Setting IST.NETMGMT.sysname.SNAMGMT security

This example sets the security requirements in an CA ACF2 system:

SET RESOURCE(SER)
COMPILE
$KEY(IST) TYPE(SER)
  NETMGMT.sysname.SNAMGMT UID(uid) SERVICE(READ) ALLOW
STORE

SER: The value set in the CLASMAP definition in the GSO for SERVAUTH resources.
uid: The UID of the region user.

This example sets the security requirements in a CA Top Secret system:

TSS PER(userid) SERVAUTH(IST.NETMGMT.sysname.SNAMGMT) ACCESS(READ)

This example sets the security requirements in a RACF system:

PER IST.NETMGMT.sysname.SNAMGMT CLASS(SERVAUTH) ID(userid) ACCESS(READ)