In FAIL mode, CA Top Secret protects all undefined data sets, but only if z/OS requests security validation. In Alwayscall environments (OS/390/SP with DFP 1.1, or OS/390/XA with DFP 1.2, and all ICF catalogs), z/os calls CA Top Secret to validate access requests to data sets. In all other z/OS environments, CA Top Secret is called only if the RACF bit is set in the VTOC, or catalog entry describing the data set. The state of this bit for any or all data sets can be interrogated with the CA Top Secret utility TSSPROT with the SIM option. All data sets created under CA Top Secret have the RACF bit turned on to ensure that security is always called.
In IMPL mode, access to undefined data sets is controlled with the DEFPROT attribute in the DATASET RDT entry. With DEFPROT set, undefined data sets are treated as in FAIL mode. If NODEFPROT is set, undefined data sets are not protected. In either case, CA Top Secret is only called to validate the request as previously described.
|
Copyright © 2010 CA Technologies.
All rights reserved.
|
|