Implementing External Security with CA Top Secret › Define Profiles Automatically with DEFSAF

Previous Topic: Define Profiles Based on Function for Validation

Next Topic: Generate the SAF Resources with CA Top Secret

Define Profiles Automatically with DEFSAF

Profiles let you add and remove users from a single point for validation processing. You can automatically define CA Top Secret profiles with the DEFSAF REXX utility.

By default, the DEFSAF program defines SAF resource names and roles. If you decide not to use roles, specify the parameter GROUPS(N) on the DEFSAF utility. The resource names are still defined but the default group names are not generated.

Follow these steps:

  1. Log in to TSO.
  2. Access the DEFSAF REXX utility distributed in the opshlq.CCLXEXEC data set.
  3. Run DEFSAF from a CA Top Secret user ID that has sufficient privileges to create and modify users in the department that was created for CA OPS/MVS.

    Member DEFTSS is generated and contains the basic CA Top Secret commands for securing the processing environment under CA Top Secret.

  4. Review the example definitions in the member DEFTSS to verify that they meet the security requirements of your site.
  5. (Optional) Modify the example definitions by running DEFSAF again using different keywords to generate the definitions to meet the security requirements of your site exactly.

    See the comments in DEFSAF for information on using keywords to customize the definitions.

  6. Use the tailored definitions as batch input to CA Top Secret.

    Note: Member BATTSS in opshlq.OPS.CNTL is provided as a sample that allows submission of the member DEFTSS for batch execution.

Example: DEFSAF Execution

These examples generate the opshlq.OPSS.DEFSAF(DEFTSS) file containing all of the required resource definitions to begin using CA OPS/MVS external security with CA Top Secret.

Note: For a complete example of DEFSAF execution, see the data set member opshlq.OPSS.DEFSAF(DEFTSS).