Implementing External Security with CA Top Secret › Customize Resource Class with CA Top Secret

Previous Topic: How to Implement External Security with CA Top Secret

Next Topic: Define Profiles Based on Function for Validation

Customize Resource Class with CA Top Secret

The CA OPS/MVS parameter EXTSECCLASS determines the class name that is used to make SAF calls to authorize resources. EXTSECCLASS defaults to IBMFAC, which is a built-in class that is supplied with CA Top Secret.

We recommend using the DEFSAF REXX utility program to create your own resource class. You can have control over both UPDATE and READ access for CA OPS/MVS resources by defining your own resource class to CA Top Secret. After you define the resource class, specify that name on the EXTSECCLASS.

The following steps guide you through customizing CA Top Secret rules under a different resource class name.

Follow these steps:

  1. Run the supplied REXX utility DEFSAF.

    DEFSAF creates a TSS resource class for you.

  2. Define a new resource class named OPSCLS by executing the following example from the TSO command line: 
    TSO OX 'hql.REXX(DEFSAF)' RDT ACT(DEFINE) SAFCL(OPSCLS)
  3. Specify the new resource class name OPSCLS on the EXTSECCLASS parameter before starting CA OPS/MVS. For example: 
    EXTSECCLASS(OPSCLS)

Your CA Top Secret rules are customized under a different resource class name.