|
|
|
Use the ADDTO command to define a default command protection profile to CA Top Secret for all CA Tape Encryption console commands. You can specify this profile globally for all BES subsystems or locally for a specified BES subsystem.
This command has the following format:
TSS ADDTO(department) CA@BES(BESn.COMMANDS.permissions)
TSS
Indicates a CA Top Secret command.
Specifies the ADDTO command. The short form of this command is ADD.
Specifies the department name that owns the BES resources.
Specifies the general resource class for CA Tape Encryption. This is always CA@BES for default command protection profiles that apply to all commands.
Indicates the BES task number. If you specify BES with no subsystem identifier, the profile applies to all BES subsystems.
Specifies that this definition is for a command profile.
Specifies the permission setting. Options for this parameter are as follows:
Specifies that all the commands are permitted.
Specifies that all the commands are protected.
Note: CA Top Secret PERMIT statements are not necessary for ADDTO commands because this command is not used in determining access privileges. This command only sets the BES processing parameters.
Example: Define and permit all commands globally to all BES subsystems for CA Top Secret
This example defines a global command protection profile to CA Top Secret for the console commands for all BES subsystems, indicated by BES with no subsystem identifier, and permits the user of the resource to run these commands, indicated by COMMANDS.PERMIT. These permissions can be overridden by a protect option specified for a particular BES subsystem or a particular command.
TSS ADD(DEPT2) CA@BES(BES.COMMANDS.PERMIT)
Example: Define and restrict all commands globally to all BES subsystems for CA Top Secret
This example defines a global command protection profile to CA Top Secret for the console commands for all BES subsystems, indicated by BES with no subsystem identifier, and restricts the use of these commands by the department DEPT1. These permissions can be overridden by a permit option specified for a particular BES subsystem or a particular command.
TSS ADDTO(DEPT1) CA@BES(BES.COMMANDS.PROTECT)
Example: Allow all commands on a specific BES subsystem by defining a local definition for CA Top Secret
This example defines a local command profile to CA Top Secret for BES2, and uses the BES2.COMMANDS.PERMIT parameter to allow the use of all commands on that subsystem. These permissions can be overridden by a protect option specified for a particular command for this subsystem or by explicitly defining a command and not specifying access for a specific user in the CA Top Secret PERMIT command.
TSS ADDTO(DEPT1) CA@BES(BES2.COMMANDS.PERMIT)
| Copyright © 2011 CA. All rights reserved. | Tell Technical Publications how we can improve this information |