Manage Users › Simulate an Access Attempt

Simulate an Access Attempt

Use the Simulator to test the access of a subject (such as a user) to a system resource (such as a data set). Simulating access helps ensure that subjects have the correct permissions and decreases unnecessary violations and loggings. For field name definitions, see CA ACF2 Administration Guide, CA Top Secret Command Functions Guide, or IBM documentation.

Note: You can simulate access attempts only on CA ACF2 and CA Top Secret systems. RACF systems are not available on the Simulator.

Follow these steps:

1. Click Simulate Access Attempt from one of the following locations:
   • The Quick Links module
   • The Investigator tree, Users, Roles, or Rules in the Security Definitions category, the Actions pane

   The Simulate Access Attempt window appears.

2. Select a system from the System drop-down list.
3. Choose one of the following options:
   • If the user name for the selected system is the same as the logged-in user name, go to step 6.
   • If the user name for the selected system is different, go to step 4.

   Note: After you select a system, CA Chorus generates a PassTicket to authorize your connection. If the PassTicket authorization fails, enter your password to log in to the system.

4. Enter your user name.
5. (Optional) Enter the password for the selected system. The Password field appears in the following cases:
   • The PassTicket generation fails.
   • The user name that you enter is different from the logged-in user name.
   • If the application ID is not set while configuring the security systems. The application ID is used to generate a PassTicket for a logged-in user.

   Note: For more information about the application ID and identifying systems for the Security Command Manager module, see the CA Chorus for Security and Compliance Management Site Preparation Guide.

6. Enter the appropriate information in each field and click Simulate.

   Note: For information about a field, hover over it.

   The results of the simulation appear.

Example: Simulate access for a data set on a CA Top Secret system

You believe that an employee, Joe Smith, is inappropriately changing sensitive Human Resources information. The Simulator lets you research if Joe Smith has write access to HR.BONUSES data set on volume ABC321.

Follow these steps:

1. Open the Quick Links module from the Module Library.
2. Click Simulate Access Attempt.
3. Enter the following information:
   1. Select a CA Top Secret system from the System drop-down list.
   2. Enter your user name and password for the selected system.
   3. Type the user ID of Joe Smith in the User Details field.
   4. Select Data Set from the Resource Type drop-down list.
   5. Type HR.BONUSES in the Data set Name field.
   6. Type TSO in the Facility Field, TSO is the application that Joe Smith uses.
   7. Type ABC321 in the Volume field.
   8. Select Write from the Permissions drop-down list.
   9. (Optional) To refine the simulation, enter Environment Details. Click the arrow next to Environmental Details to see available fields.
   10. Click Simulate.

       The results of the simulation appear.

4. Review the simulation results to see if Joe Smith has write access to HR.BONUSES.

   You discover that Joe Smith has access to the HR.BONUSES data set. You revoke his access and escalate the issue.

Example: Simulate access for a resource on an CA ACF2 system

Employees in your human resources are having trouble accessing critical files. The Simulator lets you check if users whose UID string matches HR01CAT have update access to a resource named HR.FILES with resource type code HRF.

Follow these steps:

1. Open the Quick Links module.
2. Click Simulate Access Attempt.
3. Enter the following information:
   1. Select the ACF2 system from the System drop-down list.
   2. Select the UID option from User Details.
   3. Type HR01CAT under User Details.
   4. Select Resource Type Code from the Resource Type drop-down list.
   5. Select HRF from the Type Code drop-down list.
   6. Type HR.FILES in the Resource Name field.
   7. Select UPDATE from the Permissions drop-down list.
   8. (Optional) To refine the simulation, enter information in the DATE, TIME, and SOURCE fields in the Environment Details section. Click the arrow next to Environmental Details to see available fields.
   9. Click Simulate.

      The results of the simulation appear.

4. Review the simulation results to see if the users have update access to HR.FILES.

   You discover that the users do not have update access to HR.FILES, and grant them access to the resource.