
Using z/OS Security Administration

There is a distinction between a security officer and a security administrator. The security officer for z/OS is a senior CA Top Secret administrator and is typically an infrequent user of CA IdentityMinder. However, the security officer is responsible for the z/OS security policies established and used with CA IdentityMinder.

On the other hand, a designated security administrator manages a subset of the security management function. This subset depends on the management policy of the organization and may include the creation of new user accounts on various systems, the resetting of passwords, and so on. The capabilities of these security administrators (whether through CA IdentityMinder or some other means) are guided by the security officer.

Because policies control the capabilities that a user has on a CA Top Secret security system, it is important that they be set up correctly to enforce the existing policies in your organization. The following sections discuss recommendations for using CA IdentityMinder to create and manage your policies.

However, CA IdentityMinder is not intended to be the primary interface for the experienced CA Top Secret administrator. An experienced CA Top Secret security administrator manages CA Top Secret better by using commands issued under TSO rather than working in the CA IdentityMinder framework. Many functions are managed directly, and certain capabilities are only available through direct CA Top Secret commands. For those instances, we recommend that you implement the LDAP Directory Synchronization (LDS) option for CA Top Secret security (available in CA Top Secret Version 5.3 and above). This ensures that information added to CA Top Secret outside of CA IdentityMinder stays consistent with CA IdentityMinder.