Authorize User IDs to Use a Specific Command

Implementing External Security with CA Top Secret › Authorize User IDs to Use a Specific Command

Authorize User IDs to Use a Specific Command

Group names are derived from the facility names that are associated with the security event that the group name protects. The resources of some facilities have READ access, other facilities have UPDATE access, and other facilities have both READ and UPDATE verbs. Therefore, the group names are encoded following this pattern:

Facility	Group Name
READ access only	The group name is the same as the facility name or derived from the facility name.
UPDATE access only	The group name is the same as the facility name or derived from the facility name.
READ and UPDATE access	The group name for update access is derived from the facility name for UPDATE. The group name for read access is derived from the facility name with an appended R.

Facility

Group Name

READ access only

The group name is the same as the facility name or derived from the facility name.

UPDATE access only

The group name is the same as the facility name or derived from the facility name.

READ and UPDATE access

The group name for update access is derived from the facility name for UPDATE.

The group name for read access is derived from the facility name with an appended R.

You can authorize a specific user ID or group of user IDs to use a particular CA OPS/MVS command either manually or using DEFSAF. The first procedure explains how to add authorizations manually. The second procedure explains how to execute the CA OPS/MVS REXX program DEFSAF.

Follow these steps:

Look up the command or function in Commands and Functions that Generate External Security. In the row where you find your command or function, make the following notes:
- The associated Facility name
- Whether your command includes verbs that generate either Read or Update access.
Find the corresponding row that matches both your Facility name and access value. In that row, make a note of the CA Top Secret profile name.
Permit the user ID or profile you want to authorize to the CA Top Secret resource.
Issue this CA Top Secret command to add your user IDs to the CA Top Secret profile name:
```
TSS ADDTO("userid") PROFILE(profile)
```
You have manually added your authorizations.

Follow these steps:

Look up the command or function in Commands and Functions that Generate External Security. In the row where you find your command or function, make the following notes:
- Note the associated Facility name.
- Note whether your command includes verbs that generate either READ or UPDATE access.
Find your access value and do the following tasks:
- If your access value is READ, then execute DEFSAF as follows:
```
DEFSAF <facility> ACT(PERMIT) SAFRO(<userid>)
```
- If your access value is UPDATE, then execute DEFSAF as follows:
```
DEFSAF <facility> ACT(PERMIT) SAFRW(<userid>)
```
  <facility>
  
  Specify the facility name.
  
  <userid>
  
  Specify the user ID or group you want to authorize.
Your user IDs are authorized.

Tell Technical Publications how we can improve this information