Previous Topic: Setting Up Security for CAPNext Topic: How to Configure CA ACF2 for CAP

How to Enable Concurrent Action ProcessingHow to Enable and Secure Concurrent Action ProcessingSetting Up Security for CAPHow to Configure CA Top Secret for CAP

How to Configure CA Top Secret for CAP

For the CA, Inc. Event Notification Facility (CAIENF) to spawn the SPAWNPROC defined to the C1DEFLTS table, the task must be defined to your security software package with a corresponding default user ID. Using these definitions, CAIENF will start the spawned task. The task will start under the security context of the default user ID, but then switch security context to that of the user submitting the CA Endevor SCM job.

Important: In the following description ENDEVOR is used as both the SPAWNPROC started task name and its corresponding user ID. If your site already has user ID ENDEVOR defined as the alternate user ID, do not use ENDEVOR for your task name or task user ID. Instead, select a different value. The alternate ID (ALTID) is defined in the C1DEFLTS table as RACFUID=ENDEVOR.

If your site uses CA Top Secret security, complete the following steps:

  1. Define a new facility name ENDEVOR for CAP. To do this, add the following definitions to the Top Secret Security parameter file (specified by the PARMFIELD DD statement): 
    * USERnn FACILITY FOR
*
FAC(USERnn=NAME=ENDEVOR)
FAC(ENDEVOR=xxxx)

    Where 'xxxx' is any other facility control options to be set other than the defaults. The facility can be defined dynamically using the TSS MODIFY command. For example:

    TSS MODIFY(FAC(USERnn=NAME=ENDEVOR)) 
TSS MODIFY(FAC(ENDEVOR=xxxx))

    The TSS MODIFY command is only valid until the next recycle of CA Top Secret.

  2. Define a new ACID named ENDEVOR by entering the following command: 
    TSS CRE(ENDEVOR) NAME(endevor user-id?) TYPE(USER) FAC(STC,ENDEVOR) PAS(xxxx,0)
TSS ADD(ENDEVOR) FAC(STC)

    CA Top Secret recommends that all started task (STC) acids be given a password and that OPTIONS(4) be set in the CA Top Secret parameter file. OPTIONS(4) eliminates the prompt for a password when the STC starts. However, if someone tries to log on with the STC acid, that person will need to know the password.

    The NODSNCHK, NORESCHK, and NOSUBCHK bypass attributes on the ENDEVOR ACID may be required. If not, verify that the ACID is authorized to access all the files and resources it requires.

  3. Give the ENDEVOR ACID a MASTFAC definition by entering the following command: 
    TSS ADD(ENDEVOR) MASTFAC(ENDEV0R)
  4. Assign userid ENDEVOR as the default ACID for the CAICCI spawned task ENDEVOR by entering the following command: 
    TSS ADD(STC) PROCNAME(ENDEVOR) ACID(ENDEVOR)
  5. Grant each user of CA SCM for Mainframe access to the ENDEVOR facility by entering the following command: 
    TSS ADD(USER-ID) FAC(ENDEVOR

    Note: For more information about defining a new facility, see the CA Top Secret Security Control Options guide. For more information about the CRE and ADD commands, see the CA Top-Secret Security Command Functions guide.