We recommend that you implement user-based controls for logging to generate log entries when CA Top Secret uses the controls to determine what resources a user has accessed.
Business Value:
This practice lets you track user activity and ACID activity.
Additional Considerations:
You can log all activity for a user by using one of the following ACID attributes:
Specifies an audit of ACID activity.
Activates a diagnostic trace on all ACID activity, such as initiations, resource access, violations, and user security mode.
Consider the role that special privileges play on an individual user level and their impact on logging. CA Top Secret for z/OS generates special log entries based on the following ACID privileges:
Specifies that no data set name checks are performed. CA Top Secret for z/OS bypasses all data set access security checks. Auditing occurs.
Allows an ACID to execute any command or transaction for all facilities, regardless of Limited Command Facility (LCF) restrictions. Auditing occurs. If the NOLCFCHK attribute is in an ACID, that ACID's terminal cannot be locked.
Allows an ACID to bypass security checking for all owned resources except data sets and volumes. Auditing occurs.
Allows an ACID to bypass alternate ACID usage as well as all job submission security checking. Associated ACIDs may submit all jobs regardless of the (derived) ACID on the job statement being submitted. Auditing occurs.
Allows an ACID to bypass volume level security checking. Auditing occurs.
More Information:
For a detailed discussion of user-based controls, see the CA Top Secret for z/OS Command Functions Guide.
Copyright © 2010 CA Technologies.
All rights reserved.