You may want to reevaluate your use of the IBM DSN3@SGN and DSN3@ATH exits that give users additional privileges through secondary IDs. The DSN3@SGN and DSN3@ATH exits associate secondary authorization IDs to primary authorization IDs. IBM supplies these as default and sample exits. CA Top Secret uses the sample exits provided by IBM. You may be able to use PROFILE ACIDs to completely eliminate the use of secondary authorization IDs. If you rely on PROFILE ACIDS instead of secondary IDs to determine a user's privileges, you do not need to remove these exits. You should, however, remove any of the CA Top Secret IBMGROUP resources associated with secondary IDs. For more information about replacing secondary authorization IDs with PROFILEs, see the “Evaluate Use of Secondary Authorization Ids” section.
|
Copyright © 2011 CA Technologies.
All rights reserved.
|
|