All three of the z/OS external security managers support the definition and processing of local security profiles. Local security profiles let the security administrator fine-tune security processing parameters (for example, BES1.COMMANDS.PROTECT and BES8.KEYSYMM.AES128) and resources by limiting their scope to a specific BESn subsystem, for example, BES1. Like all other security profile definitions, local security profiles are defined and maintained in the CA@BES and OPERCMDS resource classes.
To differentiate them from global security profiles, local security profiles must have the corresponding BESn subsystem number as the first node of the CA@BES or OPERCMDS entity, for example, BES1.DISPLAY or BES8.COMMANDS.PROTECT.
Because local security profiles are tied to a specific BESn subsystem, you must create a CA@BES or OPERCMDS entity for each BESn subsystem where you want to control access to a command, encryption key, or utility. If you find that you are defining the same resource for multiple BESn subsystems, consider a global parameter instead.
All of the CA Tape Encryption system commands, encryption keys, and utilities (TBEKMUTL and TBESHOW) can be defined at the local BESn subsystem level. This lets the security administrator permit access to resources running on a specific system. For a list of resources and processing parameters that can be defined at the local level, see the appendix “SAF Interface Parameter Reference List.”
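The naming rule and the duplication advice above can be checked against an exported profile list. The following is an added example, not part of the CA documentation: it splits each entity on its first node and reports resources defined locally for more than one subsystem. The function names, the `BES` plus digits pattern, and the sample pairings of class and entity are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Assumption: the subsystem node is "BES" followed by a number (the page shows BES1 and BES8).
LOCAL_NODE = re.compile(r"^BES\d+$")
CLASSES = {"CA@BES", "OPERCMDS"}  # resource classes named on this page

def classify(entity):
    """Return (subsystem, resource); subsystem is None when the first node is not BESn."""
    name = entity.strip().upper()
    first, _, rest = name.partition(".")
    if LOCAL_NODE.match(first) and rest:
        return first, rest
    return None, name

def audit(profiles):
    """profiles: iterable of (resource_class, entity) pairs from a profile listing."""
    local = defaultdict(set)   # (class, resource) -> subsystems that define it locally
    global_profiles = []       # entities whose first node is not a BESn subsystem
    for rclass, entity in profiles:
        rclass = rclass.strip().upper()
        if rclass not in CLASSES:
            continue           # not a class used for these profiles
        subsystem, resource = classify(entity)
        if subsystem is None:
            global_profiles.append((rclass, resource))
        else:
            local[(rclass, resource)].add(subsystem)
    # Same resource defined for several subsystems: candidate for a global parameter.
    repeated = {k: sorted(v) for k, v in local.items() if len(v) > 1}
    return {"local": dict(local), "global": global_profiles, "repeated": repeated}

# Constructed sample listing (not taken from a real security database).
SAMPLE = [
    ("CA@BES", "BES1.COMMANDS.PROTECT"),
    ("CA@BES", "BES8.COMMANDS.PROTECT"),
    ("CA@BES", "BES8.KEYSYMM.AES128"),
    ("OPERCMDS", "BES1.DISPLAY"),
    ("CA@BES", "EXAMPLE.GLOBAL"),      # constructed placeholder with no BESn first node
    ("FACILITY", "BES1.DISPLAY"),      # other class, ignored
]

if __name__ == "__main__":
    for (rclass, resource), subsystems in audit(SAMPLE)["repeated"].items():
        print(f"{rclass} {resource}: defined locally on {', '.join(subsystems)}")
```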
Observe the following:
Copyright © 2011 CA. All rights reserved.