There are two CA TLMS security options available at this intercept point; SECOPN= and SECCLS=. Both of these options are processed by the CA TLMS SVC at data set/volume OPEN and CLOSE.
Tells CA TLMS at data set OPEN to verify that the tape user is authorized to read or write the data set to be accessed. With this option set to YES, the IDSNVER= option is required to be set to YES, because both OPEN INPUT and OPEN OUTPUT data set checking are performed. CA Top Secret Security users can use this option in place of the OPEN user exit code that performed this same function in TLMSXOPN.
The information passed to the TLMSXSEC user exit and the system security component are:
CLASS=DATASET ENTITY=data.set.name VOLSER=volser ACCESS=CREATE (NEW) UPDATE (MOD) UPDATE (OLD) OPENED FOR OUTPUT READ (OLD,SHR) OPENED FOR INPUT
Tells CA TLMS to check data set DISP= at CLOSE (second DISP) and job abend (third DISP). The accessing data set user is checked for the ability to delete a file, as would be the case in normal processing for this JCL DISP: DISP=(OLD,DELETE). The user may have been authorized for read (first DISP), but not for scratch (second DISP). The third DISP value, if coded, is checked in the same way if the job or task abends. CA TLMS will not allow the data set to be deleted from the VMF when there are any conflicts in the user's authority and the data set being accessed.
The information passed to the TLMSXSEC user exit and the system security component are:
CLASS=DATASET ENTITY=data.set.name VOLSER=volser ACCESS=SCRATCH (,DELETE) or (,DELETE,DELETE) JCL DISP
|
Copyright © 2014 CA.
All rights reserved.
|
|