

Defining Access Rules

Once the Resident Directory has been refreshed, you may define the access rules. The following are samples of the commands used:

$KEY(TLM***) TYPE(CAC)
UID(xxxxxxxx) ALLOW

Repeat the above commands as required, specifying $KEY for each of the following. If there are individual commands that are to be controlled, replace asterisks (***) with the command name.

(TLM***)    Maintenance command access
(TLL***)    Librarian command access
(TLU***)    Update command access
(TLR***)    Read or Inquiry command access
(TLVMFU)    Bypass DSN check for Update access
(TLVMFR)    Bypass DSN check for Inquiry access

Below are sample commands for command processing. There are no service levels for command processing; access is either ON or OFF.

$KEY(TLR***) TYPE(CAC)            (Allow all users access to
UID(*) ALLOW                       read/inquiry commands.)

$KEY(TLU***) TYPE(CAC)            (Allow all TSO users access to
UID(T-) ALLOW                     update commands.)

The following is a list of all resources for the CATAPE type:

$KEY(NLRES)       Label=NL, defined to CA TLMS
$KEY(NLNORES)     Label=NL, not defined to CA TLMS
$KEY(NSLRES)      Label=NSL, defined to CA TLMS
$KEY(NSLNORES)    Label=NSL, not defined to CA TLMS
$KEY(BLPRES)      Label=BLP, defined to CA TLMS
$KEY(BLPNORES)    Label=BLP, not defined to CA TLMS
$KEY(FORRES)      EXPDT=98000, defined to CA TLMS
$KEY(FORNORES)    EXPDT=98000, not defined to CA TLMS

Examples

This is an example of the rule to allow all users read access to NL tapes controlled by CA TLMS:

$KEY(NLRES) TYPE(CAT)
UID(*) SERVICE(READ) ALLOW

This is an example of the rule to allow all users read access to BLP tapes that are not controlled by CA TLMS:

$KEY(BLPNORES) TYPE(CAT)
UID(*) SERVICE(READ) ALLOW

The following is a list of resources for PANEL type:

$KEY(TLP****)
UID(*) SERVICE(READ) ALLOW

Examples

This is an example of the rule to allow all users access to the data set detail panel DS02. Access to the data select panel (DS01) is also required.

$KEY(TLPDS**) TYPE(PAN)
UID(*) SERVICE(READ) ALLOW

Usage Notes

CA ACF2 Security philosophy prescribes that all resources are protected by default. Before you activate the CA TLMS external security options, you must therefore establish proper authorization within CA ACF2 Security for the resources being checked. The CA TLMS external security options cannot be deactivated without changing the TLMSIPO member of CAI.CTAPOPTN and then either performing a CAIRIM CA TLMS REFRESH or an IPL of the entire operating system. A REFRESH is much easier than a system IPL.
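
Because rules must be in place before activation, it helps to review a draft rule set offline first. The following Python sketch is an added example, not CA code: it parses only the `$KEY ... / UID ... ALLOW` shape shown on this page and lists `UID(*)` grants outside the read-only cases. The review policy in `universal_grants`, the function names, and the sample rule text are assumptions of the example.

```python
import re

# Key prefix -> meaning, copied from the resource lists on this page.
KEY_CLASSES = {
    "TLM": "maintenance commands", "TLL": "librarian commands",
    "TLU": "update commands", "TLR": "read/inquiry commands",
    "TLVMFU": "bypass DSN check (update)", "TLVMFR": "bypass DSN check (inquiry)",
    "TLP": "panels", "NL": "NL tapes", "NSL": "NSL tapes",
    "BLP": "BLP tapes", "FOR": "EXPDT=98000 tapes",
}
KEY_RE = re.compile(r"\$KEY\(([^)]+)\)(?:\s+TYPE\((\w+)\))?")
UID_RE = re.compile(r"UID\(([^)]+)\)(?:\s+SERVICE\(([^)]+)\))?\s+ALLOW")

def classify(key):
    """Longest matching prefix from KEY_CLASSES, or 'unknown'."""
    hits = [p for p in KEY_CLASSES if key.startswith(p)]
    return KEY_CLASSES[max(hits, key=len)] if hits else "unknown"

def parse_rules(text):
    """Return one dict per ALLOW entry, tied to the preceding $KEY line."""
    entries, key, rtype = [], None, None
    for line in text.splitlines():
        if m := KEY_RE.search(line):
            key, rtype = m.group(1), m.group(2)
        elif (m := UID_RE.search(line)) and key:
            entries.append({"key": key, "type": rtype, "uid": m.group(1),
                            "service": m.group(2), "class": classify(key)})
    return entries

def universal_grants(entries):
    # Assumed review policy (not a CA rule): UID(*) is acceptable only on
    # TLR*** keys or when the entry is limited to SERVICE(READ).
    return [e for e in entries if e["uid"] == "*"
            and not e["key"].startswith("TLR") and e["service"] != "READ"]

# Constructed sample rule text in the shape shown on this page.
SAMPLE = """$KEY(TLR***) TYPE(CAC)
UID(*) ALLOW
$KEY(TLU***) TYPE(CAC)
UID(T-) ALLOW
$KEY(TLM***) TYPE(CAC)
UID(*) ALLOW
$KEY(TLVMFU) TYPE(CAC)
UID(*) ALLOW
$KEY(NLRES) TYPE(CAT)
UID(*) SERVICE(READ) ALLOW"""

if __name__ == "__main__":
    for e in universal_grants(parse_rules(SAMPLE)):
        print(f"review: $KEY({e['key']}) grants UID(*) on {e['class']}")
```

Entries the script reports are candidates for narrowing the UID mask before the external security options are switched on.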