This sample scenario shows how to control key protection using the ADDTO and PERMIT commands on CA Top Secret. You might want to use a profile similar to this one to control the use of keys that require significant processing overhead. You can permit users to access most keys while restricting the use of a few keys.
The first ADDTO statement permits all users to access any available key on any BES subsystem. The second ADDTO statement makes the symmetric key named AES256_KEY on BES1 an owned (protected) resource, so that only explicitly permitted users can use it. The PERMIT statements grant that access to users SECADMIN and SYSADMIN only. Because the first ADDTO statement defines the default behavior for key protection, any user can still use any available key on any active subsystem, including the other keys on BES1; the only exception is AES256_KEY on BES1, which is restricted to SECADMIN and SYSADMIN.
TSS ADDTO(DEPT01) CA@BES(BES.KEYS.PERMIT)
TSS ADDTO(DEPT01) CA@BES(BES1.KEYSYMM.AES256_KEY)
TSS PERMIT(SECADMIN) CA@BES(BES1.KEYSYMM.AES256_KEY) ACCESS(READ)
TSS PERMIT(SYSADMIN) CA@BES(BES1.KEYSYMM.AES256_KEY) ACCESS(READ)
Because the resource name includes the subsystem name (BES1.KEYSYMM.AES256_KEY), a restriction on one subsystem does not carry over to the others. If you wanted to control access to AES256_KEY on other BES subsystems as well, you would need a separate ADDTO statement and a PERMIT statement for each permitted user on each subsystem, for example BES2, BES3, and so on.
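When the same key must be locked down on several subsystems for the same set of users, the per-subsystem ADDTO and PERMIT statements are repetitive and easy to get wrong by hand. The following POSIX shell script is an added example, not part of the CA documentation, that generates the complete TSS statement stream for a list of subsystems and users so it can be reviewed and then submitted as a batch of TSS commands. The department name DEPT01, the subsystems BES1 through BES3, the users SECADMIN and SYSADMIN, and the key name AES256_KEY are taken from the sample scenario above; the function names are this example's own.

```shell
#!/bin/sh
# Added example (not CA's code): generate the TSS ADDTO/PERMIT statements that
# restrict one symmetric key on several BES subsystems to a fixed set of users.
# The command syntax is the one shown in the sample scenario; DEPT01, the
# subsystem list, the user list and AES256_KEY are sample values.

# gen_key_lockdown DEPT KEY "SUBSYS ..." "USER ..."
# Prints:
#   1. the default ADDTO that lets every user use every key (BES.KEYS.PERMIT);
#   2. for each subsystem, one ADDTO that makes SUBSYS.KEYSYMM.KEY an owned
#      resource, followed by one PERMIT ... ACCESS(READ) per allowed user.
gen_key_lockdown() {
    dept=$1
    key=$2
    subsystems=$3
    users=$4

    # Default behaviour: all users may use all keys on all subsystems.
    echo "TSS ADDTO($dept) CA@BES(BES.KEYS.PERMIT)"

    for sub in $subsystems; do
        # The resource name embeds the subsystem, so each subsystem needs
        # its own ADDTO and its own PERMITs.
        res="$sub.KEYSYMM.$key"
        echo "TSS ADDTO($dept) CA@BES($res)"
        for user in $users; do
            echo "TSS PERMIT($user) CA@BES($res) ACCESS(READ)"
        done
    done
}

# count_statements: number of TSS statements the generator emits; useful as a
# sanity check before submitting (expected: 1 + subsystems * (1 + users)).
count_statements() {
    gen_key_lockdown "$@" | wc -l | tr -d ' '
}

# Sample run with the scenario's values extended to three subsystems.
gen_key_lockdown DEPT01 AES256_KEY "BES1 BES2 BES3" "SECADMIN SYSADMIN"
```

For the sample run this produces 10 statements: the permit-all ADDTO, then for each of BES1, BES2 and BES3 one ADDTO and two PERMITs. The statements still have to be issued by an ACID with administrative authority over DEPT01 and the CA@BES resources; after applying them, confirm the result on each subsystem (for example with TSS WHOHAS CA@BES(BES1.KEYSYMM.AES256_KEY)) rather than trusting the generated list alone.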
Copyright © 2011 CA. All rights reserved.