Using Your Security System › Utility Protection Profiles › General Considerations for Utility Protection

General Considerations for Utility Protection

Keep in mind the following points for managing utility protection:

• If using PERMIT processing, you only need to define utility keys that you need to protect.
• For PROTECT processing, you must specify the permission for each user that is granted access to the CA Tape Encryption utilities.
• CA ACF2 supports only the definition and control of local utility resource profiles.
• Regardless of the access levels assigned to individual ACIDs, CA Top Secret requires an additional PERMIT statement for each utility profile defined. This PERMIT statement should grant the ACID defined on the BES.TSS.ACID parameter an access level of at least (READ).
• To execute the TBEKMUTL symmetric key management utility when security profiles are in effect, the user must have access to the MIGRATE command. If you have security access that allows you to issue the MIGRATE command, then you also have permission to run the TBEKMUTL utility as a batch job.
• To execute the TBESHOW system resource display utility when security profiles are in effect, the user must have access to the TBESHOW utility. This permission should also be granted to the CA Vantage GMI utility. To grant permission to both utilities, permit users to the BESn.UTILITY.TBESHOW profile.
• Application Management protection profiles allow you to control which users can access the CA Encryption Key Manager Option for Application Management.