|
|
|
There is a distinction between a security officer and a security administrator. The security officer for z/OS is a senior CA Top Secret administrator and is typically an infrequent user of CA Identity Manager. However, the security officer is responsible for the z/OS security policies established and used with CA Identity Manager.
On the other hand, a designated security administrator manages a subset of the security management function. This subset depends on the management policy of the organization and may include the creation of new user accounts on various systems, the resetting of passwords, and so on. The capabilities of these security administrators (whether through CA Identity Manager or some other means) is guided by the security officer.
Because policies control the capabilities that a user has on a CA Top Secret security system, it is important that they be set up correctly to enforce the existing policies in your organization. The following sections discuss recommendations for using CA Identity Manager to create and manage your policies.
However, CA Identity Manager is not intended to be the primary interface for the experienced CA Top Secret administrator. An experienced CA Top Secret security administrator manages CA Top Secret better by using commands issued under TSO rather than working in the CA Identity Manager framework. Many functions are managed directly, and certain capabilities are only available through direct CA Top Secret commands. For those instances, we recommend that you implement the LDAP Directory Synchronization (LDS) option for CA Top Secret security (available in CA‑Top Secret Version 5.3 and above). This ensures that the information that is added into CA Top Secret outside of CA Identity Manager coincides with Identity Manager.
| Copyright © 2011 CA. All rights reserved. | Email CA Technologies about this topic |