Using Your Security System › Command Protection Profiles › General Considerations for Command Protection

General Considerations for Command Protection

Keep in mind the following points for managing command protection:

• The security definitions for each protected BES system command reside in the OPERCMDS resource class with individual permissions based on that resource name and group.
• CA ACF2 supports only the definition and control of local command resource profiles.
• Regardless of the access levels assigned to individual ACIDs, CA Top Secret requires an additional PERMIT statement for each command profile defined. This PERMIT statement should grant the ACID defined on the BES.TSS.ACID parameter an access level of at least (READ).