Predefined task roles to the Hardware Management Console (HMC) must be specified to limit capabilities of individual users.

From IBM Hardware Management Console (HMC) STIG

Part of HMC0090

Associated with IA controls: ECLP-1

Associated with: CCI-000213

SV-30022r2_rule Predefined task roles to the Hardware Management Console (HMC) must be specified to limit capabilities of individual users.

Vulnerability discussion

Individual task roles with access to specific resources, if not created and restricted, will allow unrestricted access to system functions. Tasks are functions that a user can perform, and the managed resource role defines where those tasks might be carried out. The Access Administrator assigns a user ID and user roles to each user of the Hardware Management Console. The following is an example of some managed resource categories:

• OPERATOR: OPERATOR
• ADVANCED: ADVANCED OPERATOR
• ACSADMIN: ACCESS ADMINISTRATOR
• SYSPROG: SYSTEM PROGRAMMER
• SERVICE: SERVICE REPRESENTATIVE

Failure to establish this environment may lead to uncontrolled access to system resources.

Check content

Have the System Administrator display the user profiles and demonstrate that valid users are defined to valid roles and that authorities are restricted to the site list of users.

Note: Sites must have a list of valid HMC users, indicating their USER IDs, Date of DD2875, and roles and responsibilities.

To display user roles, choose User Profiles and then select the user for modification. View Task Roles and Managed Resource Roles. If the different roles are not properly displayed or are not properly restricted, then this is a FINDING.

Fix text

The System Administrator must set up a list of users.

Note: Sites must have a list of valid HMC users, indicating their USER IDs, Date of DD2875, and roles and responsibilities, and these must match the users defined to the HMC.

To display user roles, choose User Profiles and then select the user for modification. View Task Roles and Managed Resource Roles.
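The comparison asked for in the check content and fix text can be scripted once both lists are in hand. The following is an added example, not part of the STIG or of any IBM tooling: it reconciles the site list against the users defined to the HMC. The CSV layouts, the sample users, and the names VALID_ROLES and reconcile are assumptions made for illustration.

```python
import csv
import io

# Roles listed in the discussion; treating these as the valid set is an assumption.
VALID_ROLES = {"OPERATOR", "ADVANCED", "ACSADMIN", "SYSPROG", "SERVICE"}
# Constructed sample data; the CSV layouts are assumptions (site list kept by
# the site, HMC rows transcribed from the User Profiles task).
SITE_LIST = """user_id,dd2875_date,roles
JSMITH,2023-04-11,OPERATOR
MJONES,2022-09-30,SYSPROG;ADVANCED
KLEE,,OPERATOR
RDAVIS,2021-01-05,SERVICE
"""
HMC_PROFILES = """user_id,task_roles
JSMITH,OPERATOR;ACSADMIN
MJONES,SYSPROG
TEMP01,SERVICE
KLEE,OPERATOR
PBROWN,CUSTOMROLE
"""

def _load(text, role_col):
    """Parse CSV text into {USER_ID: (row, set_of_roles)}."""
    out = {}
    for row in csv.DictReader(io.StringIO(text)):
        roles = {r.strip().upper() for r in row[role_col].split(";") if r.strip()}
        out[row["user_id"].strip().upper()] = (row, roles)
    return out

def reconcile(site_csv, hmc_csv):
    """Return sorted (user_id, reason) findings for the site list vs. the HMC."""
    site, hmc = _load(site_csv, "roles"), _load(hmc_csv, "task_roles")
    findings = []
    for user, (_, assigned) in hmc.items():
        findings += [(user, f"role {r} is not a listed task role")
                     for r in assigned - VALID_ROLES]
        if user not in site:
            findings.append((user, "defined on HMC but not on site list"))
            continue
        row, approved = site[user]
        if not row["dd2875_date"].strip():
            findings.append((user, "no DD2875 date on site list"))
        findings += [(user, f"role {r} exceeds approved roles")
                     for r in assigned - approved]
    findings += [(u, "on site list but not defined on HMC")
                 for u in site.keys() - hmc.keys()]
    return sorted(findings)

if __name__ == "__main__":
    print(*reconcile(SITE_LIST, HMC_PROFILES), sep="\n")
```

A user holding fewer roles than the site list approves (MJONES in the sample) is not reported, since the check concerns authorities that are not properly restricted.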
