Title

Predefined task roles to the Hardware Management Console (HMC) must be specified to limit capabilities of individual users. (Cat II impact)

Discussion

Individual task roles with access to specific resources if not created and restricted, will allow unrestricted access to system functions. The following is an example of some managed resource categories: Tasks are functions that a user can perform, and the managed resource role defines where those tasks might be carried out. The Access Administrator assigns a user ID and user roles to each user of the Hardware Management Console. • OPERATOR OPERATOR • ADVANCED ADVANCED OPERATOR • ACSADMIN ACCESS ADMINISTRTOR • SYSPROG SYSTEM PROGRAMMER • SERVICE SRVICE REPRESENTATIVE Failure to establish this environment may lead to uncontrolled access to system resources.

Check Content

Have the System Administrator display the user profiles and demonstrate that valid users are defined to valid roles and that authorities are restricted to the site list of users. Note: Sites must have a list of valid HMC users, indicating their USER IDs, Date of DD2875, and roles and responsibilities. To display user roles chose User Profiles and then select the user for modification. View Task Roles and Manager Resources Roles. If the different roles are not properly displayed or are not properly restricted, then this is a FINDING.

Fix Text

The System Administrator must set up a list of Users Note: Sites must have a list of valid HMC users, indicating their USER IDs, Date of DD2875, and roles and responsibilities and these must match the users defined to the HMC. To display user roles chose User Profiles and then select the user for modification. View Task Roles and Manager Resources Roles.

Additional Identifiers

Rule ID: SV-30022r2_rule

Vulnerability ID: V-24354

Group Title: HMC0090

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.