Installing Online Interfaces › How to Complete Configuration of the XMS Online Interfaces With CA CSM › Define Security Requirements

Define Security Requirements

Follow these steps to define security requirements for CA Top Secret Security (eTrust CA Top Secret) security:

1. Rename the existing facility in the facility matrix table if you do not have a facility defined for RMOXMS:

   TSS MODIFY FACILITY(USERnn=NAME=RMOXMS)
   

   Note: The TSS MODIFY command is only valid until the next recycle of CA Top Secret. To make the change permanent, add the following to the CA Top Secret parameter file after the FACILITY(USERnn=NAME=RMOXMS) statement :

   FACILITY(USERnn=NAME=RMOXMS)
   

2. Verify that the correct PGMname is defined for the new facility, where PGMname is either the first three characters or all the eight characters of the program name that is going to make security calls (EC1 or EC1DRV).

   TSS MODIFY FACILITY(RMOXMS=PGM=EC1)
   

   Note: The TSS MODIFY command is only valid until the next recycle of CA Top Secret. To make the change permanent, add the following to the CA Top Secret parameter file:

   FACILITY(RMOXMS==PGM=EC1)
   

3. Create region ACID for the facility and add a master facility of the facility defined in Step 1:

   TSS CREATE(RMOXMS) PASSWORD(xxxx,0) TYPE(USER) DEPT(dept)
   

   TSS ADDTO(RMOXMS) MASTFAC(RMOXMS)
   

   We recommend that all started task (STC) acids be given a password and OPTIONS(4) be set in the CA Top Secret parameter file. OPTIONS(4) eliminates the prompt for a password when the STC starts, but if someone tries to signon with the STC acid, he will need to know the password.

   The region acid needs access to all resources accessed at startup.

   This access can be given by adding bypass attributes:

   TSS ADD(RMOXMS) NODSNCHK NOVOLCHK ) or by permitting the specific resources

   TSS PERMIT(RMOXMS) DATASET(xxxx) ACCESS(access) ).

   These resources include:

   • READ access to the XMS load library if pointing to this library in a STEPLIB concatenation.
   • READ access to any other libraries specified in the STEPLIB concatenation.
   • READ access to the SYSIN DD statement if it points to a dataset.
   • UPDATE access to the Deliver database.

   If any other DD statements (that is, SYSPRINT, RMOLOG, EBCUDUMP, SYSUDUMP, etc) in the XMS startup procs point to datasets instead of SYSOUT, READ access to these datasets is required.

4. Define the RMOXMS STC to the TSS STC record:

   TSS ADDTO(STC) PROCNAME(RMOXMS) ACID(RMOXMS)
   

5. Give access to the ACIDs required to sign on to this facility (from Step 1):

   TSS ADDTO(acid) FACILITY(RMOXMS)
   

   Where 'acid' is the user acid that needs access, an attached profile, or the ALL record if all users must have access.

Install the ISPF/Cross-Memory Online Retrieval Option

The ISPF/Cross-Memory Online Retrieval Option runs under IBM's ISPF for z/OS Version 3.0 and higher.

Important! This interface requires Cross-memory services to be already installed. For more information, see Install Cross-Memory Services in this chapter.

Note: In the JCL for the cross-memory services task, the parameter XMSSUB must be set to YES.