Enhancements to Existing Features › Components › Security › Security Reports

Security Reports

The External Security section can be optionally included in a security report.

Example:

//SYSIN    DD  *
REPORTS=(GRPDET=DEFAULT)
SECTIONS=(JOBS,CMDFLDS,EXTERNAL)
/*

In releases before Release 13.9, the External Security section was always included in the report.

Security Utility

A new utility is available to allow User Groups to be copied from one security data set to another.

Sample JCL can be found in SYSVIEW.DEV.BASE.SAMPLIB(USERLIBS).

External Security Considerations

Commands have been added to CA SYSVIEW in this release. More external security rules could be required.

• Modify any existing rules and profiles for the JES2 SPOOL resource if they were not generic enough to allow access to all spool volumes.

  The entity:

  SV.RESN.<system>.SPOOL.<JES2_ssid>.<2-byte_spool_volume_suffix>
  

  Changed to:

  SV.RESN.<system>.SPOOL.<JES2_ssid>.<6-byte_spool_volume>
  

• The sample SAF exits SAFSECX and JSPLSECX are no longer supported. The SAF entity checking is now internal to CA SYSVIEW. You enable the SAF entity checking by defining a SAF entity class. You can define this class in the External Security Section of the internal security group for the user, or in the GLOBAL group.

  You can call the pre-SAF notification exit before calling SAF. CA SYSVIEW passes the class name and entity name to the exit.

  Note: For more information, see the Security Guide.

• SAF resource calls can now be suspended for a specific resource type. Previously, the ability to suspend all resource calls could be done by granting a user read access to the entity SV.SUSP.<system>.RESN. Now, a specific resource type can be suspended by granting a user read access to the entity SV.SUSP.<system>.RESN.<resource>.

  Code the following suspend rule to suspend all resource checking for the output class a job on the spool is in:

  SV.SUSP.<system>.RESN.OUTCLASS
  

• A new SAF Generator Utility can be used to generate template profiles, or rule definitions that are based on your external security manager.

  Sample JCL to execute the utility is located in:

  SYSVIEW.DEV.BASE.SAMPLIB(GSVUSAFE)
  

  For more information, see the following help topic Implementing External Security (SAF).

Commands Enhanced

The following enhancements have been made to existing commands.

SECURITY

• Security Miscellaneous section

  The Miscellaneous Section of a CA SYSVIEW security user group controls user access to commands that have been defined in multiple command groups.

  • Option: Timeout value (Minutes)

    The amount of time a CICS or VTAM session can be idle before the session is automatically terminated.

    The value is in minutes. A value of 0 (zero) specifies there is no time limit.

    For example, suppose the timeout value is 5. If a user in this group logs in and the user does not enter any input for 5 minutes, then the session is terminated.

    Default: 240

    In previous releases, the default was 0.

• Security Administration - The external security section.

  The External Security Section of a CA SYSVIEW security user group contains the following new option to control external security requests:

  • Option: Bypass internal security call

    Specify a value of YES if you want only the external security determining access. The Internal security is not called before the external security. Access that internal security failed, the external security does not override and allow. This option allows you to use the external security exclusively without having to allow all access in the DEFAULT internal security group.

    Note: When you set this option, Command Groups you defined in the internal security do not participate in determining command and subcommand access.

    Default: No