Encryption Parameter Definition Format for CA Top Secret

You associate the data set selection profile with its encryption parameter by issuing the CA Top Secret PERMIT command. The actual data set encryption profile is contained within the APPLDATA field of the PERMIT command. When issuing the PERMIT command, an ACID field must be specified. For CA Tape Encryption data set selection profiles, the ACID on this form of the PERMIT command is the ACID of the user submitting or running the job. The resource name on the PERMIT statement can also be used to add granularity: it lets you further qualify the data set name and match a specific encryption parameter to a specific data set (fully-qualified or discrete) or to a group of data sets (generic).

Note: A PERMIT command must be issued to associate the data set selection profile with its required encryption parameter and to further define the data set name. If this step is omitted, or an incorrect PERMIT statement is defined, CA Tape Encryption will not select the data set or data sets using CA Top Secret. Two PERMIT commands are required: the first permits the ACID specified on BES.TSS.ACID to read the data set selection profile, and the second grants the ACID of the user submitting the job access to the profile.

TSS PERMIT(acidname) CA@BES(DSN.data_set_name) ACCESS(READ) +
APPLDATA('BESn=(encryption_parameter)')

TSS

Indicates a CA Top Secret command.

PERMIT

Specifies the PERMIT command.

acidname

Specifies the accessor ID assigned to the job.

CA@BES

Specifies the general resource class for CA Tape Encryption. This is always CA@BES for data set selection profiles.

DSN.

Indicates the entity is the generic data set selection profile.

data_set_name

Specifies the discrete, fully-qualified, or generic data set name to be encrypted.

APPLDATA('BESn=(encryption_parameter)')

Specifies the encryption key used to encrypt the data set. The encryption parameter must be coded using the format for symmetric keys, code books, or digital certificates.
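
The Note above says a missing or incorrect PERMIT means the data set is not selected, so the following added example (not part of the CA documentation or product) audits a list of PERMIT statements for the documented shape and for both required PERMITs per profile. It assumes that "n" in BESn is numeric, that the quotes enclose the whole BESn=(...) value, and that the encryption parameter is opaque text; the ACIDs BESSVC and JOBUSR1, the data set names and the placeholder parameter are constructed.

```python
import re

# Statement shape documented above. Assumptions: "n" in BESn is numeric, and
# the encryption parameter is opaque text without quotes or parentheses.
PERMIT_RE = re.compile(
    r"^TSS\s+PERMIT\((?P<acid>[^()\s]+)\)\s+"
    r"CA@BES\((?P<resource>DSN\.[^()\s]+)\)\s+ACCESS\(READ\)"
    r"(?:\s+APPLDATA\('BES\d+=\((?P<param>[^()']+)\)'\))?$"
)

def join_continuations(text):
    """Merge lines ending in '+' (the continuation shown above) into one statement."""
    statements, current = [], ""
    for line in (raw.strip() for raw in text.splitlines()):
        if line.endswith("+"):
            current += line[:-1].strip() + " "
        elif line:
            statements.append(current + line)
            current = ""
    return statements + ([current.strip()] if current else [])

def audit(text, service_acid, job_acid):
    """Return (malformed statements, {profile: PERMITs still missing})."""
    malformed, seen = [], {}
    for stmt in join_continuations(text):
        m = PERMIT_RE.match(stmt)
        if m:
            seen.setdefault(m["resource"], {})[m["acid"]] = m["param"]
        else:
            malformed.append(stmt)
    incomplete = {}
    for resource, acids in seen.items():
        missing = [a for a in (service_acid, job_acid) if a not in acids]
        if acids.get(job_acid, "") is None:  # job PERMIT present, no APPLDATA
            missing.append(job_acid + " (no APPLDATA)")
        if missing:
            incomplete[resource] = missing
    return malformed, incomplete

# Constructed sample: ACIDs, data set names and the placeholder are illustrative.
SAMPLE = """\
TSS PERMIT(BESSVC) CA@BES(DSN.PAYROLL.BACKUP) ACCESS(READ)
TSS PERMIT(JOBUSR1) CA@BES(DSN.PAYROLL.BACKUP) ACCESS(READ) +
APPLDATA('BES1=(ENCRYPTION-PARAMETER-PLACEHOLDER)')
TSS PERMIT(JOBUSR1) CA@BES(DSN.FIN.LEDGER) ACCESS(READ) +
APPLDATA('BES1=(ENCRYPTION-PARAMETER-PLACEHOLDER)')
TSS PERMIT(JOBUSR1) CA@BES(HR.ARCHIVE) ACCESS(READ) +
APPLDATA('BES1=(ENCRYPTION-PARAMETER-PLACEHOLDER)')
"""
```

Calling audit(SAMPLE, "BESSVC", "JOBUSR1") reports the statement missing the DSN. prefix as malformed and DSN.FIN.LEDGER as lacking the PERMIT for the BES.TSS.ACID value.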