Extracting Profiles from the ESM

IBM Session Manager can be set up so that a user's Profiles are determined by the External Security Manager (ESM) and not from the configuration. See SECURITY and 'Defining Security' in the Installation and Customization manual.

Users' Profile settings that have been determined by the ESM cannot be modified within OLA or the IBM Session Manager Administration Plug-in. To modify users' Profile settings you must modify the ESM settings.

If the system has been configured to extract users' Profile settings from the ESM then the ESM requires a discrete userid. When you select a generic userid (that is, one suffixed by an '*' (asterisk) symbol) from the USER definitions you are presented with the Generic User dialog (see Working with a generic user), which requires you to select one of these options:

  1. Use the generic userid.
    The ESM will not be able to extract the user's Profile settings; therefore the IBM Session Manager Administration Plug-in will not be able to display any inheritance or sessions from the Profiles. The inheritance shown will be from the SYSTEM statement or the system default. This option should be selected if you need to display or update the generic user.
  2. Use a discrete userid.
    You must update the user field with a discrete userid, which will be used by the ESM to extract the user's Profiles. These Profiles will be used to show any inheritance values and Profile sessions. Although the IBM Session Manager Administration Plug-in will display the inheritance and sessions from the discrete user's Profiles, you will still display and update the generic user that you selected from the USER definitions. If the system has also been configured to determine either a user's AUTH or a user's OLACLASS or both from the ESM then this userid will also be used by the IBM Session Manager Administration Plug-in when invoking the ESM for these parameters.

Related topics:

Parent topic: