CA GTS executes as a started task in the operating system. It also needs access to its parameters. For individual features executing as clients to CA GTS, consult the client documentation.
If a site validates started tasks executing in the operating system, then a started task ID must be set. Use the name of the CA GTS started task as the user ID. No special attributes are needed.
If you have chosen a security class name that is not already defined to the security system, you will need to add that class name to the security tables. For example, if you have coded GSINIT(SECCLASS(CAGTSSEC)) then CAGTSSEC will need to be added to the SAF tables (RACF Class Descriptor Table, CA eTrust ACF2 SAFPROT Table, or TSS Resource Descriptor Table).
Individual CA GTS clients may cause GTS to call the SAF interface. When security checks are made by the clients or by CA GTS on behalf of clients, CA GTS will use the resource class identified in the GSINIT SECCLASS parameter. Resource rules will use the GSINIT SECPREFIX pre-pended to the client's resource name. Allowing SECCLASS and SECPREFIX permits multiple CA GTS systems in the operating environment and ensures that the different systems are performing unique security calls.
Individual clients of CA GTS may have their own security consideration, so it is encouraged that you refer to the CA GTS client documentation for security needs.
|
Copyright © 2013 CA.
All rights reserved.
|
|