Previous Topic: Security Interfaces, CA Top Secret (z/VSE)Next Topic: Defining Access Rights of Users

Using External Security for CA DatacomSecurity Interfaces, CA Top Secret (z/VSE)Adding a Facility

Adding a Facility

In the following steps, the MUF region ACID is assumed to be MUFPROD1 and the CA Datacom Facility name is PRODMUF1.

Step 1

To establish external security in CA Top Secret for the MUF, you must first create a Facility. To do this, add the following statements to the Parameter File in CA Top Secret. The Facility name (PRODMUF1) represents this MUF. The nn and Facility name must be unique for each MUF.


     FAC(USERnn=NAME=PRODMUF1)

Specify the Facility name (PRODMUF1) and specify *** to note that any CA Datacom/DB Multi-User program may interface with CA Top Secret.


     FAC(PRODMUF1=PGM=***)

Specify the following options for the MUF. The defaults for other options provided by CA Top Secret should be acceptable.


     FAC(PRODMUF1=MULTIUSER,AUTHINIT,RES,SHRPRF,NOABEND,SIGN(M))

Step 2

Once the Facility is set up, create a region ACID for the MUF using a CA Top Secret command similar to the following. There are other options which may be desirable. The department must already exist.


     TSS CREATE(MUFPROD1) NAME('datacom-production-muf-1')DEPT(deptacid)
       FAC(BATCH) PASS(NOPW)

Step 3

Relate the region ACID and the Facility:


     TSS ADD(MUFPROD1) MASTFAC(PRODMUF1)

The MASTFAC parameter here associates the region ACID with the Facility entry made in the Parameter File. You could simply include the MASTFAC parameter in the CREATE statement which has the same effect as this step.

If a user other than MUFPROD1 runs the MUF as a batch job, a USER=MUFPROD1 parameter must be included in the job stream. To use the USER=MUFPROD1 option, the user must have authorization, such as TSS PER(userid) ACID(MUFPROD1).

Step 4

Any user who needs access to the MUF must be identified with the Facility:


     TSS ADD(userid) FAC(PRODMUF1)

Step 5

At this point, CA Top Secret security has been properly established assuming that the CA Datacom RDTs have been defined by having current maintenance, or manually applied. All MUF are at this time not secured. To secure any, some, or all MUF, add one or more entries with the DTSYSTEM class. Do not secure your MUF until you have built the desired DTADMIN, DTTABLE, and DTUTIL entries.