Implementing External Security with CA Top Secret › Add User Access to Product Resources

Add User Access to Product Resources

As the administrator, you need two users added to your CA Top Secret external security package with the following access privileges:

• User1 with READ access to address AOF (permitting safe verbs such as LIST)
• User2 with UPDATE access to address AOF (permitting all verbs)

Use one of the following methods to implement the needed access permissions to address AOF.

• Run the supplied DEFSAF REXX utility either with or without GROUPS as follows:
  • Execute the supplied REXX program DEFSAF without GROUPS(N):

    TSO OX ‘opshlq.CCLXEXEC(DEFSAF)’ OPSAOF ACT(PERMIT) SAFRO(user1)
    TSO OX ‘opshlq.CCLXEXEC(DEFSAF)’ OPSAOF ACT(PERMIT) SAFRW(user2)
    

  • Execute the supplied REXX program DEFSAF with GROUPS(N) to permit the access without using groups:

    TSO OX 'opshlq.CCLXEXEC(DEFSAF)' OPSAOF ACT(PERMIT) SAFRO(user1) GROUPS(N)
    TSO OX 'opshlq.CCLXEXEC(DEFSAF)' OPSAOF ACT(PERMIT) SAFRW(user2) GROUPS(N)
    

  Note: Be sure that you ran DEFSAF earlier in batch mode (BATCH=Y) to create the basic CA Top Secret owner and profiles.

• Issue the following CA Top Secret commands from TSO or from JCL:

  TSS ADDTO(user1) PROFILE(OPSAOFR)
  TSS ADDTO(user2) PROFILE(OPSAOF)
  

  Note: Be sure that you ran DEFSAF earlier in batch mode (BATCH=Y) to create the basic CA Top Secret owner and profiles.

• Issue the following CA Top Secret commands to permit a rule for OP$MVS.OPSAOF to accessor IDs user1 and user2. User1 is given READ access and user2 is given UPDATE access to the resource:

  TSS PERMIT(user1) IBMFAC(OP$MVS.OPSAOF) ACCESS(READ)
  TSS PERMIT(user2) IBMFAC(OP$MVS.OPSAOF) ACCESS(UPDATE)