This check verifies that access to the TMC is protected by the setting of CA 1 System Option YSVC and rules in the external security system. The default interval for this check is to run once at startup and the exception interval is every 24 hours.
The Tape Management Catalog (TMC) contains critical data about the volumes and files protected and managed by CA 1. If this data is not properly protected through calls to the external security system, tape volumes can be expired prematurely and critical tape data can be lost. The CA 1 System Option YSVC controls access to the CA 1 SVC and the volume and file data in the TMC. We recommend that access to the CA 1 SVC and TMC should be controlled by setting this option to YES and creating access rules in the external security system.
This check does not accept any parameters.
Yes
Yes
For more information, see CA 1 SVC Call Processing (YSVC), Batch Call Processing (BATCH), and related information in the Programming Guide
TMSH0021E Your CA 1 security options allow unauthorized users to update your Tape Management Catalog (TMC) using the YSVC services of CA 1. Any user can access and update any record in the TMC. For more information, see the Message Reference Guide.
This check is provided to warn users that basic security setup has not been performed to control access to tapes and commands. This exposure is associated with defining the resource class CA@MD. If the external security is set to IBM RACF but the CA@MD resource class is not defined, users are not able to issue commands in the CA 1 ISPF panels. The default interval for this check is run once at startup and the exception interval is every 24 hours.
When you set the CA 1 external security option to YES, you are requesting the external security system to control access to tapes and commands. In order for the external security system to allow use of commands by the user in the CA 1 ISPF panels, define the CA@MD resource class. This check generates an exception when RACF is active but resource class CA@MD is not defined.
This check does not accept any parameters.
Yes
Yes
For more information, see the Programming Guide.
TMSH0171E RACF External Security is active and the CA 1 external security option is set to YES, but resource class CA@MD resource class has not been defined.
This check is provided to warn users that basic security setup has not been performed to protect against unauthorized access to tapes. This exposure is associated with defining the resource class CA@APE. If the external security is set to IBM RACF but the CA@APE resource class is not defined, tape jobs begin to fail. The default interval for this check is run once at startup and the exception interval is every 24 hours.
In order for the external security system to allow access to tapes, define the resource class of CA@APE. Then grant individual users access to resources within that class. This check generates an exception when RACF is active but resource class CA@APE is not defined.
This check does not accept any parameters.
Yes
Yes
For more information, see the Programming Guide.
TMSH0161E RACF External Security is active and the CA 1 external security option is set to YES, but resource class CA@APE has not been defined.
|
Copyright © 2013 CA Technologies.
All rights reserved.
|
|