How to Configure SDS and SCS in CA CSM › Configure SCS › Configure Security

Configure Security

Set up security settings for the SCS address space to work properly:

1. Define a security system user ID for the SCS address space. The user ID must have an OMVS segment. The segment must be defined and have read access to the data sets that the SCS address space JCL procedure allocated. The user ID does not need OMVS superuser privileges.
2. Define a security system user ID for the auxiliary address space. The user ID can be the same as the one defined for the SCS address space. The user ID must have read access to the data sets allocated by the auxiliary address space JCL procedure. If the user ID for the auxiliary address space is different from the user ID for the SCS address space, it does not need an OMVS segment.
3. Set up security on every target system, which can include the CA CSM driving system. Configure permission to access the entity SCSAS.CONNECT (READ authority) of the class CAMSM. The permission allows connections to the SCS address space through the CA CSM application server and the SCS address space. CAMSM is the default name of the SAF resource class. Your system may use a different name depending on your CA CSM installation.

   Note: For more information about setting up SCS address space security in different security systems, see the Site Preparation Guide.

4. Configure PassTickets. PassTickets are used to verify the started task ID of the CA CSM application server to allow secure connections from a remote system to the SCS address space. Set up PassTickets on the system where the CA CSM application server is executing and on each system where the SCS address space is running.

   Depending on the security system that you have, you have to complete the following steps on the CA CSM driving system and all remote systems:

   • Activate the PassTicket class (PTKTDATA).
   • Define the CA CSM application server PassTicket session key. Use the same session key on the system where the CA CSM application server is running, and all remote systems where the SCS address space is running.
   • Grant READ access to the CA CSM application server PassTicket session key for the CA CSM application server started task user ID and for the SCS address space started task user ID on every remote system.

   Note: For more information about PassTickets in different security systems, see the Site Preparation Guide.