Model Your User Groups

Using the NMSAF Security Solution › How You Implement NMSAF › Model Your User Groups

Model Your User Groups

To model your user groups

For each defined GROUP user, create a single model user ID.
The following default MODEL definitions are created automatically when a region starts for the first time:
- $MDADMIN
- $MDOPER
- $MDNOPER
- $MDMON
Notes:
- For CA SOLVE:FTS, CA SOLVE:Access, CA SOLVE:InfoMaster, and CA SOLVE:NetMail, create your model definitions manually, because no default definitions are created.
- $RMBUSER has no model created because only background user IDs use it.
Using your external security package, create resource names for each defined group. These must use the same resource class name as the SXCTL RCLASS setting (default FACILITY); for example:
- NETMASTR.ADMIN, for an administrator
- NETMASTR.OPER, for a system operator
- NETMASTR.NOPER, for a network operator
- NETMASTR.MON, for a monitor user
Notes:
- These resource names are generic. If you have several product regions and you want users to have different profiles on each, you could use the ACB name or domain name of each region as part of the name (for example, NETMASTR.ADMIN.NM01).
- If you use a different class name, define the class to the security system.
Issue commands to define and activate the resources in your external security system. Give PERMIT privileges with (at least) READ access to the appropriate resource, to all users that access your region.

Set up the SXCTL file with the following statements:

MODEL LIST
MODELGROUP   resource.name.1   model1
MODELGROUP   resource.name.2   model2
MODELGROUP   resource.name.3   model3
MODELGROUP   resource.name.4   model4

Note: List the resource names in the order that you want them to be tested.

If you want to allow a generic logon for any other users, add an additional line:

MODELGROUP   *   dfltmodel

More information:

External Security Definitions for Modeled Users

User ID Modeling