Security System Interface

The Security System interface provides protection beyond CA 1 password and access profile protection through an interface to CA ACF2, CA Top Secret Security, RACF, or any other SAF-compatible security system. This additional protection covers data set name protection during open and end-of-volume processing, creation of secondary data sets, online interfaces, and CA 1 batch updates. Protection is also provided for EXPDT=98000 (nonresident) processing, BLP, NL and NSL label processing, and online password and commands.

Each time the external security module is called, CA 1 can pass control to TMSXITS twice: once before the security module calls the external security system, and again after the call has been made. The actual call to the external security system is made within the CA 1 security module. TMSXITS provides options to change any of the parameters used to make the external security call, to bypass the call, or to change the return code from the external security system. For detailed instructions on the use of the TMSXITS exit, see the chapter "User Exits and Interfaces" in this guide.

CA 1 does not log security violations. It is assumed that the external security system provides this feature.

CA 1 access profile protection is checked before the external security system is checked. This feature allows you to have any combination of the two types of security. Neither security system has the ability to override the other. If a tape is volume-protected by CA 1, and data set-protected by your user security system, then both security systems are checked for access authority.

The CA 1 security program, TMSSECUR, is designed to interface with CA ACF2, CA Top Secret Security, and any other security product using the SAF interface, such as RACF. A security call is created based on resource class, resource entity (name) and level of access (READ or UPDATE). Based on the return code from the external security system, TMSSECUR sets the appropriate return code for CA 1 to either allow or disallow access.
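
The check order and the two TMSXITS control points described above, modeled in Python as an added example (this is not CA 1 code). Assumptions: SAF-style return codes 0 and 8, that a profile denial ends the check, and that a bypassed call counts as allowed; every name other than TMSSECUR and TMSXITS, including the sample data set, is constructed.

```python
from dataclasses import dataclass, replace
RC_ALLOW, RC_DENY = 0, 8  # SAF convention: 0 = authorized, 8 = not authorized

@dataclass(frozen=True)
class Call:
    resource_class: str
    entity: str
    access: str           # "READ" or "UPDATE"
    bypass: bool = False  # hypothetical flag: pre-call exit asks to skip the call

class ExternalSecurity:
    """Stand-in for the SAF product: the only place a violation is logged."""
    def __init__(self, rules):
        self.rules, self.violations = rules, []
    def check(self, call):
        if call.access in self.rules.get((call.resource_class, call.entity), ()):
            return RC_ALLOW
        self.violations.append((call.entity, call.access))
        return RC_DENY

def tmssecur_model(call, ext, profile_ok, pre_exit=None, post_exit=None):
    """Return (allowed, trace); trace lists each point where the exit acted."""
    trace = []
    if not profile_ok:       # assumption: a profile denial ends the check
        return False, ["profile:deny"]
    if pre_exit:
        changed = pre_exit(call)
        if changed != call:
            trace.append("exit:changed-parameters")
        call = changed
    if call.bypass:          # assumption: a bypassed call counts as allowed
        rc = RC_ALLOW
        trace.append("exit:bypassed-external-call")
    else:
        rc = ext.check(call)
    if post_exit:
        new_rc = post_exit(call, rc)
        if new_rc != rc:
            trace.append(f"exit:rc {rc}->{new_rc}")
        rc = new_rc
    return rc == RC_ALLOW, trace

def demo():
    ext = ExternalSecurity({("DATASET", "PAYROLL.TAPE.BACKUP"): {"READ"}})  # constructed rule
    call = Call("DATASET", "PAYROLL.TAPE.BACKUP", "UPDATE")
    plain = tmssecur_model(call, ext, profile_ok=True)
    bypassed = tmssecur_model(call, ext, True, pre_exit=lambda c: replace(c, bypass=True))
    flipped = tmssecur_model(call, ext, True, post_exit=lambda c, rc: RC_ALLOW)
    return plain, bypassed, flipped, list(ext.violations)
```

In the model, the bypassed request is allowed without any violation record in the external system, so a non-empty trace is the only evidence that the exit shaped the decision.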