Note: Prior to activating the CA TLMS external security system, CA Top Secret Security Version 4.2, Level 9011 or higher must be installed.
The following steps are required for implementation of the CA TLMS external security system in a CA Top Secret Security environment:
Assign ownership of all entities to be protected. The following commands are used to perform this step.
TSS ADD(acid) CACMD(TLM) TSS ADD(acid) CACMD(TLL) TSS ADD(acid) CACMD(TLU) TSS ADD(acid) CACMD(TLR) TSS ADD(acid) CACMD(TLVMFU) TSS ADD(acid) CACMD(TLVMFR) TSS ADD(acid) CATAPE(NLRES) TSS ADD(acid) CATAPE(NLNORES) TSS ADD(acid) CATAPE(NSLRES) TSS ADD(acid) CATAPE(NSLNORES) TSS ADD(acid) CATAPE(BLPRES) TSS ADD(acid) CATAPE(BLPNORES) TSS ADD(acid) CATAPE(FORRES) TSS ADD(acid) CATAPE(FORNORES) TSS ADD(acid) PANEL(TLP****)
Permit users access as desired. Use the commands in one of the following syntax diagrams:
TSS PERMIT(user1) CATAPE(NLRES)
ACCESS[NONE|READ,UPDATE|ALL]
or
TSS PERMIT(user1) CACMD(TLR)
or
TSS PERMIT(user1) PANEL(TLPD) READ
The control option TAPE should be set to OFF in the CA Top Secret Security parameter file. This will prevent CA Top Secret Security from being invoked by MVS.
CA TLMS security option SECOPN=YES should be used. This eliminates the need to use supplied CA Top Secret Security code for user exit TLMSXOPN.
Activation of CA TLMS external security requires that proper authorization for resources being checked is established within CA Top Secret Security prior to activation of the CA TLMS external security options. It is not possible to deactivate CA TLMS external security options without changing the TLMSIPO member of CAI.CTAPOPTN, and then either performing a CAIRIM CA TLMS REFRESH or an IPL of the entire operating system. Obviously, a REFRESH is much easier than a system IPL.
|
Copyright © 2014 CA.
All rights reserved.
|
|