On a Management Unit the service account is provided for Customer Support on the base system. Under this account the service engineer works on all available interfaces (web interface, Linux desktop of the local console, shell level), both locally on site and also remotely via the remote service access.
The service account can also access the BS2000 console. The following must be taken into consideration when logging entries on the BS2000 console:
In the KVP logging files it is possible to distinguish the account (e.g.
adminoruser1) under which an entry was made.In BS2000, on the other hand, only the console (e.g. C0) enables you to recognize who made an entry in the CONSLOG files.
Consequently console entries of different users are only unambiguously identifiable if every user uses a different console (console mnemonic) when accessing the console.
To achieve such differentiation, you can assign the BS2000 operator accounts different consoles (by means of individual access rights). For administrator accounts, BS2000 administrator accounts and in particular for Customer Support, it is only possible to reach an agreement on using particular unambiguous consoles.
Security-relevant actions
- Change the console for BS2000 operator accounts
In the SE Manager, Authorizations -> Users -> Operator rights enables you to enter the console access to a system with a specific console. The change takes effect immediately. - Define the console in the BS2000 operating system
It must be ensured that the assigned consoles are defined in BS2000 so that the console access functions.
You define the consoles in the/BEGIN OPRsection of the BS2000 parameter files (e.g.SYSPAR.BS2.nnn) using the keywordDEFINE-CONSOLE. Here theTELESERVICE=YESparameter ensures that the console is not taken away from Customer Support (i.e. the console cannot become either a standby console for another console or a master).
Details on configuring the console are provided in the manual “Introduction to System Administration” [8].