Defining Security Protection Profiles in CA Top SecretCommand Protection Profiles for CA Top Secret › ADDTO Command for Defining Specific Commands in CA Top Secret

Previous Topic: ADDTO Command to Control Commands Globally or Locally in CA Top Secret

Next Topic: PERMIT Command for Command Protection Profiles in CA Top Secret

ADDTO Command for Defining Specific Commands in CA Top Secret

Use the ADDTO command to define a specific command to CA Top Secret for individual CA Tape Encryption console commands. You can specify this profile globally for all BES subsystems or locally for a specified BES subsystem.

Note: Unlike other resource definitions, command definitions for specific commands are defined in the OPERCMDS resource class.

This command has the following format:

TSS ADDTO(department) OPERCMDS(BESn.command_name.qualified_name)
TSS

Indicates a CA Top Secret command.

ADDTO

Specifies the ADDTO command. The short form of this command is ADD.

department

Specifies the department name that owns the BES resources.

OPERCMDS

Specifies the general resource class for console commands, OPERCMDS.

n

Indicates the BES task number. If you specify BES with no subsystem identifier, the profile applies to all BES subsystems.

command_name.qualified_name

Specifies the name of the command you want to manage, and the qualifying name of the command, if any. Options for this parameter are as follows:

COMPROMISE

Specifies the COMPROMISE= command.

DISPLAY

Specifies all forms of the DISPLAY command.

DUMP

Specifies the DUMP command.

MIGRATE

Specifies all forms of the MIGRATE= command.

PASSPHRASE

Specifies the RELOAD=PASSPHRASE command.

REFRESH.CAEKMAPI

Specifies the REFRESH=CAEKM_API_OPTIONS command.

REFRESH.CODEBOOKS

Specifies the REFRESH=CODEBOOKS command.

REFRESH.KEYRINGS

Specifies the REFRESH=KEYRINGS command.

REFRESH.NKMPARMS

Specifies the REFRESH=NKMPARMS command.

REFRESH.OPTIONS

Specifies the REFRESH=OPTIONS command.

REFRESH.SYMKEYS

Specifies the REFRESH=SYMKEYS command.

RELOAD

Specifies all forms of the RELOAD= command, except for the RELOAD=PASSPHRASE command.

SET.CONSOLE

Specifies the SET CONSOLE command.

SHUTDOWN

Specifies the SHUTDOWN command.

START.NKM

Specifies the START NKM command.

STOP.NKM

Specifies the STOP NKM command.

Example: Define a specific command for all subsystems for CA Top Secret

This example defines the RELOAD=PASSPHRASE command to CA Top Secret globally for all BES subsystems.

TSS ADDTO(DEPT01) OPERCMDS(BES.PASSPHRASE)

Example: Define a specific command for a specific subsystem for
CA Top Secret

This example defines the RELOAD=PASSPHRASE command to CA Top Secret locally for BES2.

TSS ADDTO(DEPT01) OPERCMDS(BES2.PASSPHRASE)

Example: Control access to the RELOAD commands for BES1 on CA Top Secret

This example uses the ADDTO command for CA Top Secret to control the use of all versions of the RELOAD command on BES1. If no associated PERMIT command is defined for this BES subsystem, users are restricted from using the RELOAD commands.

TSS ADDTO(DEPT01) OPERCMDS(BES1.RELOAD)

Example: Define the local security option for BES7 on CA Top Secret

This example uses the ADDTO command for CA Top Secret to specify that commands are protected on BES7. If you want to permit any users to run commands on BES7, you would have to define the command to BES7 with an RDEFINE command and grant access with a CA Top Secret PERMIT command.

TSS ADDTO(DEPT01) OPERCMDS(BES7.COMMANDS.PROTECT)