Defining Security Protection Profiles in CA Top SecretKey Protection Profiles for CA Top Secret › ADDTO Command for Global and Local Key Permission Defaults on CA Top Secret

Previous Topic: Key Protection Profiles for CA Top Secret

Next Topic: ADDTO Command to Define a Specific Key for CA Top Secret

ADDTO Command for Global and Local Key Permission Defaults on CA Top Secret

Use the ADDTO command to define global and local permissions for all keys to CA Top Secret. This command indicates the default permissions for using all keys on the specified BES subsystem.

This command has the following format:

TSS ADDTO(department) CA@BES(BESn.KEYS.permissions)
TSS

Indicates a CA Top Secret command.

ADDTO

Specifies the ADDTO command. The short form of this command is ADD.

department

Specifies the department name that owns the BES resources.

CA@BES

Specifies the general resource class for CA Tape Encryption. This is always CA@BES.

n

Indicates the BES task number. If you specify BES with no subsystem identifier, the profile applies to all BES subsystems.

Note: If you do not specify a BES task number for this command, the profile is a global profile that applies to all BES subsystems. If you specify a BES task number, the profile is a local profile that applies to the specific BES subsystem.

KEYS

Specifies that this statement defines the default key permissions for the specified BES subsystem.

permissions

Specifies the permission setting. Options for this parameter are as follows:

PERMIT

Specifies that all keys are permitted for all users on the specified BES subsystem unless otherwise defined.

PROTECT

Specifies that all keys are prohibited to all users on the specified BES subsystem unless otherwise defined.

Example: Global permissions for all keys on all BES subsystems

This example specifies that all users are permitted to use any available keys on any BES subsystem.

TSS ADDTO(DEPT01) CA@BES(BES.KEYS.PERMIT)

Example: Global restrictions for all keys on all BES subsystems

This example specifies that no users are permitted to use any available keys on any BES subsystem unless otherwise defined.

TSS ADDTO(DEPT01) CA@BES(BES.KEYS.PROTECT)

Example: Local permissions for all keys on a specific BES subsystem

This example specifies that all users are permitted to use any available keys on BES1.

TSS ADD(DEPT01) CA@BES(BES1.KEYS.PERMIT)

Example: Local restrictions for all keys on a specific BES subsystem

This example specifies that no users are permitted to use any available keys on the specified BES subsystem unless otherwise defined.

TSS ADDTO(DEPT01) CA@BES(BES1.KEYS.PROTECT)