How do I notify a user that RRM denied remote access to iSeries resources? (NETIQKB53851)

goal
How do I notify a user that RRM denied remote access to iSeries resources?

goal
How do I send a custom message to a user when a rejection is triggered by RRM?

fact
PSSecure 7.5 Remote Request Management

fact
PSDetect 7.5

fact
PSDetect 8.0

fact
NetIQ Security Solutions for iSeries 8.0

fact
VigilEnt Security Agent for iSeries 7.5

fact
PSSecure 8.0 Remote Request Management

fix

RRM lets you set up the user profile and message queue alert notification actions used with PSDetect. When a specified alert message is detected, a message is sent to a pager, phone, e-mail address, escalation list, or broadcast group by PSDetect to help ensure that the appropriate person is notified.

To configure RRM rejection notifications:

1. Access the Work With RRM Defaults screen, from PSMENU, select options 2, 3, and 9.
2. Specify *PSDETECT or *BOTH in the Alert field and press Enter.
3. Press Enter.
4. Press F3 twice.
5. Access the PSDetect Work withAlert Filters screen, from PSMENU, select options 3 and 3.
6. Configure a PSDetect action by performing the following steps:
   1. Select Alert Queue PSDAPI using option 5 (Work With Filters).
   2. Use option 5 (Work with Filter Details) to select a filter for rejected remote requests. If a filter does not exist, see Creating a PSDetect Filter below.
   3. On the Selection Criteria screen, move your cursor below the actions line on lower half of the screen and press F6 (Create).
   4. On the Work With Actions screen, specify COMMAND for the action and press Enter.
   5. On the Command Action window, specify a Send Message action similar to the following, then press Enter:

      SNDMSG MSG('CALL YOUR ISERIES SECURITY ADMINISTRATOR AT (555) 555-5555 - NETIQ RRM HAS BLOCKED YOUR ACCESS TO $5 $6 $7.') TOUSR($1)

      where PSDetect variables $1, $5, $6, and $7 correspond to the substitution variables for Message ID PS10001 in message file PSCOMMON/PSRRMMSG.

   6. Press F12 (Cancel) to return to the Work With Alert Filters screen.

If the PSDetect subsystem (ZPSD) is active and PSSecure/Remote Request management (RRM) is configured and running in Secure mode, PSDetect will perform the action you just configured whenever the event occurs which is monitored by the PSDetect Alert Queue filter.

fix

Creating a PSDetect Filter

Configure a PSDetect filter for alert queue PSDAPI.

To configure a filter:

1. Access the Work With Alert Filters screen, from PSMENU, select options 3 and 3.
2. Select Alert Queue PSDAPI using option 5 (Work With Filters).
3. On the Work With Alert Filters screen, press F6 (Create).
4. Specify a Filter sequence (20) and a Filter Description such as Rejected Remote Requests and press Enter.
5. On the Alert Filter Selection Criteria screen, specify Message ID PS10001, Message file PSRRMMSG, Library PSCOMMON, press Enter twice.
6. On the Work With Actions screen, specify COMMAND for Action, press Enter.
7. On the Command Action dialog box, specify a Send Message action similar to the following, then press Enter:

   SNDMSG MSG('CALL YOUR ISERIES SECURITY ADMINISTRATOR AT (555) 555-5555 - NETIQ RRM HAS BLOCKED YOUR ACCESS TO $5 $6 $7.') TOUSR($1)

   where PSDetect variables $1, $5, $6, and $7 correspond to the substitution variables for Message ID PS10001 in message file PSCOMMON/PSRRMMSG.

8. Press F12 (Cancel) to return to the Work With Alert Filters screen.

Formerly known as NETIQKB53851