The SECRTY option determines whether external security controls access to CA Ideal during signon. The format of this option is:
{Y}
SECRTY= {N}
SECRTY=Y-Specifies that an external security system controls access to CA Ideal (and any other SCF-based products using the same copy of SC00OPTS). If you do not specify this parameter, this option is the default.
A call to CAISSF (CA Common Services component) is invoked, determines what external security package is installed, and returns the external security ID that was used to signon to the TP monitor.
When you enter the standard signon transaction, the CA Ideal signon screen displays with the security ID in the User ID field. (If the security ID is not the same as the CA Ideal Person Name, you must define the security ID in the dictionary as an alias for the Person Name.) The User ID and Password fields on the signon screen are protected, so users cannot enter another name or password.
The external security systems that CA Ideal supports can prevent signon if the security system is unavailable or when a user is not defined to the security system. When the external security system is not set up to prevent signon in these circumstances (as frequently happens during initial security implementation), CA Ideal continues the signon process as if security were not enabled. In this case, the CA Ideal signon screen can display with the User ID and Password fields unprotected.
When you enter an express or transparent signon transaction, the security ID must match a Person Name or an alias for a Person Name in a CA Ideal User Definition. If the signon fails because the security system is not available or the user is not defined to the security system, the CA Ideal signon screen can display with the Person Name and Password fields unprotected. If this happens, CA Ideal security facilities control signon access.
A call to CAISSF is invoked to ensure the CICS user has access to the CA Ideal environment. This process is related to the SECPRFX option in IDOPTS described in the section titled Securing User Access by Region in this chapter.
SECRTY=N-Specifies that only internal CA Ideal security features control access to CA Ideal.
This option is a static option in the SC00OPTS module, which you can maintain in a protected data set. You can enter the options in any order. To change the SC00OPTS module, enter the values in the SCBOPTCB macro. If you change the SCBOPTCB macro, you must reassemble and link the SC00OPTS module and, in CICS, recycle CICS to enable the changes.
It is possible to signon to the TP monitor through a security package and still set SECRTY=N. This is not recommended. However, if configured in this fashion, it does require that the security package or other program propagate the TP monitor data CA Ideal requires.
When you enter a standard signon transaction, the CA Ideal signon screen displays with the TP monitor ID in the user ID. See the following chart for the particular TP monitor you are using. The User ID can be optionally protected through SCF option.
When you enter an express or transparent signon, the TP monitor ID is assumed to be the same as the Person name or user ID unless a default CA Ideal definition or alias is allowed.
|
Copyright © 2015 CA Technologies.
All rights reserved.
|
|