Data Set Access Authority Requirements

When a data center uses access control software to protect its data sets, you must obtain permission to read CA Auditor data sets and certain system data sets. During execution, CA Auditor accesses program modules, ISPF/PDF panels, messages, and its database entries. All CA Auditor users must have permission to read these data sets. CA Auditor updates the user profile database during the CA Auditor session. All CA Auditor users must have permission to update the data set that contains the user profile database.

CA Auditor reads system data sets to perform many of its analysis functions. Normally, users must have the authority to read the system procedure libraries (proclibs), the link list libraries (including SYS1.LINKLST), APF-authorized libraries, and all other z/OS system (SYS1) libraries. If CA Auditor functions process other data sets, such as CA Librarian or CA Panvalet libraries, CA Auditor users need read access to those data sets too. When CA Auditor reads a volume table of contents (VTOC), it allocates and deletes a dummy data set whose name begins with the user’s TSO prefix. The user must have authority to allocate a data set on a particular volume for CA Auditor to read its VTOC.

CA Auditor never modifies the data sets it analyzes. CA Auditor users need write or update authority only for the user profile database, which is named prefix.EXAMINE.DBASE1 (or prefix.CAIDBS1 for SMP/E installations). After CA Auditor is installed, users do not need the authority to create, delete, rename, or in any way modify other CA Auditor or system data sets.
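The access model described above, written as RACF TSO commands. This is an added example, not taken from the CA Auditor documentation. It assumes RACF is the access control software and that generic data set profiles with enhanced generic naming are active. The group AUDGRP and the high-level qualifier CAAUD are hypothetical, and `prefix` stands for the site's own value.

```tso
/* Added example. AUDGRP and CAAUD are hypothetical; replace "prefix"  */
/* with the site's value. Assumes SETROPTS EGN and GENERIC(DATASET).   */

/* Product data sets (modules, ISPF/PDF panels, messages): READ only   */
ADDSD  'CAAUD.**' UACC(NONE)
PERMIT 'CAAUD.**' ID(AUDGRP) ACCESS(READ)

/* User profile database: the only data set that needs UPDATE          */
ADDSD  'prefix.EXAMINE.DBASE1' GENERIC UACC(NONE)
PERMIT 'prefix.EXAMINE.DBASE1' GENERIC ID(AUDGRP) ACCESS(UPDATE)

/* System libraries analyzed by CA Auditor: READ, never higher.        */
/* Assumes a SYS1.** profile exists; more specific profiles that cover */
/* individual libraries need their own PERMIT, as do proclibs, link    */
/* list and APF-authorized libraries that are not under SYS1.          */
PERMIT 'SYS1.**' ID(AUDGRP) ACCESS(READ)

/* Activate the changed generic profiles                               */
SETROPTS GENERIC(DATASET) REFRESH

/* Review: the access lists should show AUDGRP at READ or UPDATE only  */
LISTDSD DATASET('CAAUD.**') AUTHUSER
LISTDSD DATASET('prefix.EXAMINE.DBASE1') GENERIC AUTHUSER
```

An AUDGRP entry at CONTROL or ALTER in the LISTDSD output exceeds what the product needs after installation.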

The CA Auditor central parameter file holds the parameters associated with SNMP trap and CA Audit support. If your site uses this file and the parameters are common to all users, restrict access to the file to: