Installing CA Disk Under CA Top Secret

Installing CA Disk Under CA Top Secret

Regardless of whether or not the CA Disk Security Interface for CA Top Secret is installed, several items must be done for CA Disk to run effectively on a system using CA Top Secret.

1. Set up your production CA Disk runs to have sufficient access to process all data sets managed by CA Disk. The simplest way to accomplish this is to run these CA Disk tasks with a user ACID that has all authority to all data sets.

   Other alternatives are also possible. Individual users can process (archive, restore, and so on.) for only those data sets they are authorized too.

2. Decide if you must set sysparm ARSECURE. If you do not intend to set CA Disk sysparm ARSECURE, proceed to step 4.

   If you intend to set CA Disk sysparm ARSECURE, according to the supplier of CA Top Secret, you must set up CA Disk as an CA Top Secret Facility. Perform the following steps:

   1. Choose an 8-character Facility Name, a unique Facility Code for the TSSUTIL report, and a 7-character user ACID name.

      Create the facility by using the following CA Top Secret Control Options:

      FAC(USERx=NAME=DMSOS)
      FAC(DMSOS=PGM=ADS)
      FAC(DMSOS=ACTIVE,NOABEND,NOASUBM,NOAUDIT,AUTHINIT)
      FAC(DMSOS=ID=facilitycode)
      FAC(DMSOS=NOINSTDATA,KEY=8,LCFCMD,LOCKTIME=0)
      FAC(DMSOS=NOLUMSG,LOG(MSG))
      FAC(DMSOS=SUAS,NORNDPW,RES,SIGN(M))
      FAC(DMSOS=NOSHRPRF,NOSTMSG,NOTSOC,WARNPW)
      FAC(DMSOS=NOXDEF)
      

   2. Build an ACID for the CA Disk auto-restore started task. If you call the ACID DMSAR, you can use the following TSO command:

      TSS CREATE(DMSAR) NAME('DMS AUTO-RESTORE')-
      FAC(STC) TYPE(USER) PASS(NOPW) -
      DEPT(deptname) MASTFAC(DMSOS)
      

   3. CA Disk uses the RACROUTE parameter STATUS=ACCESS under ISPF to determine if the user is authorized to perform Storage Administration functions. Due to CA ACF2 not allowing the use of STATUS=ACCESS by an unauthorized ISPF Dialog it is necessary to instruct CA ACF2 to allow the access and not abend the request with a S047 abend in module ACF9C000, by installing the following SAFDEF statement:

      INSERT SAFDEF.adsds1 RB(ADSMI002) NOAPFCHK
      RACROUTE(REQUEST=AUTH,CLASS=FACILITY,STATUS=ACCESS,ENTITY=STGADMIN.DMS.-)
      

      This will allow the CA Disk ISPF Dialog the ability to determine access to the FACILITY class profile without causing a violation or the S047 Abend. The operand of the ENTITY parameter (STGADMIN.DMS.-) may need to be changed if the default CA Disk Facility names are not used. The default value of SMSSTGAD is STGADMIN.DMS.STGADMIN which is the value ENTITY= in the sample SAFDEF shown previously.

   4. Connect the user ACID to the CA Disk Facility in the CA Top Secret STC record. If you call the ACID DMSAR, you can use the following TSO command:

      TSS ADDTO(STC) PROC(DMSAR) ACID(DMSAR)
      

   5. Connect each of your end-user ACIDs that might use auto-restore to the CA Disk Facility in the CA Top Secret STC record, or if you select to call the facility DMSOS, you can use the following TSO command:

      TSS ADD(DMSAR) FAC(DMSOS)
      

This section contains the following topics:

Installing the CA Top Secret Security Interface