Sample Scenario to Permit and Restrict Specific Commands on CA Top Secret

This sample scenario shows how to create a command protection profile for CA Top Secret that permits all users to run all DISPLAY commands and controls access to the RELOAD commands.

The first ADDTO statement indicates that all users are permitted to use the DISPLAY commands on all BES subsystems. The second ADDTO statement indicates that we want to control the use of the RELOAD=PASSPHRASE command on BES1. The third ADDTO statement indicates that we want to control the use of all RELOAD commands on BES2.

The first PERMIT statement grants access to the user SECADMIN to run the RELOAD=PASSPHRASE command on BES1. The second PERMIT statement grants access to the user SECADMIN to run all the RELOAD commands on BES2. The third PERMIT statement grants access to the user SYSADM01 to run all the RELOAD commands on BES2.

TSS ADDTO(DEPT01) CA@BES(BES.COMMANDS.DISPLAY)
TSS ADDTO(DEPT01) OPERCMDS(BES1.PASSPHRASE)
TSS PERMIT(SECADMIN) OPERCMDS(BES1.PASSPHRASE) ACCESS(READ)
TSS ADDTO(DEPT01) OPERCMDS(BES2.RELOAD.**)
TSS PERMIT(SECADMIN) OPERCMDS(BES2.RELOAD.**)
TSS PERMIT(SYSADM01) OPERCMDS(BES2.RELOAD.**)
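
The following Python script is an added example, not part of the product documentation: it parses the six statements above, lists which ACIDs hold a PERMIT on each controlled resource, and reports inconsistencies before the profile is applied. The function names, the finding texts, and the rule that only OPERCMDS resources need a PERMIT (taken from the description of the DISPLAY statement above) are assumptions of this example.

```python
import re

# The six statements shown on this page.
PROFILE = """\
TSS ADDTO(DEPT01) CA@BES(BES.COMMANDS.DISPLAY)
TSS ADDTO(DEPT01) OPERCMDS(BES1.PASSPHRASE)
TSS PERMIT(SECADMIN) OPERCMDS(BES1.PASSPHRASE) ACCESS(READ)
TSS ADDTO(DEPT01) OPERCMDS(BES2.RELOAD.**)
TSS PERMIT(SECADMIN) OPERCMDS(BES2.RELOAD.**)
TSS PERMIT(SYSADM01) OPERCMDS(BES2.RELOAD.**)
"""

# Covers only the statement shapes used on this page (assumption).
STMT = re.compile(r"^TSS\s+(ADDTO|PERMIT)\((\w+)\)\s+([\w@#$]+)\(([^)]+)\)"
                  r"(?:\s+ACCESS\((\w+)\))?\s*$")

def parse(text):
    """Return (verb, acid, resource_class, resource, access) per statement."""
    rows = []
    for n, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        m = STMT.match(line.strip())
        if m is None:
            raise ValueError(f"line {n}: unrecognized statement: {line!r}")
        rows.append(m.groups())
    return rows

def review(text):
    """Map each resource to its permitted ACIDs and collect review findings."""
    rows, permits, findings = parse(text), {}, []
    owned = {(c, r): a for v, a, c, r, _ in rows if v == "ADDTO"}
    for verb, acid, cls, res, access in rows:
        if verb != "PERMIT":
            continue
        permits.setdefault((cls, res), []).append(acid)
        if (cls, res) not in owned:
            findings.append(f"PERMIT({acid}) on {cls}({res}) has no matching ADDTO")
        if access is None:
            findings.append(f"PERMIT({acid}) on {cls}({res}) has no explicit ACCESS level")
    # Assumption from the page: CA@BES DISPLAY is open to all users, so only
    # controlled OPERCMDS resources are expected to carry at least one PERMIT.
    for (cls, res), owner in owned.items():
        if cls == "OPERCMDS" and (cls, res) not in permits:
            findings.append(f"{cls}({res}) is owned by {owner} but no ACID is permitted")
    return permits, findings

if __name__ == "__main__":
    matrix, findings = review(PROFILE)
    print(matrix, *findings, sep="\n")
```

Run against the statements above, the review reports that the two PERMIT statements for BES2.RELOAD.** carry no ACCESS operand, unlike the PERMIT for BES1.PASSPHRASE.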