Transactions in the TRANID Bypass list bypass transaction security checking. Through logging, you can identify users that have executed transactions in the list without the necessary resource authorization. You can then establish the necessary authorizations for the users and remove the transaction from the bypass list on the CICS facility.
Note: For logging to take place, transactions in the TRANID Bypass list (and their secondary resources) must be owned.
The process is as follows:
For example, you want to add transaction FILX to the list. FILX accesses file FILEA (a secondary resource), and FACMATRIX=YES, XFCT=YES, and DSNCHECK=NO are set on the CICS facility definition in CA Top Secret. You can own FILX and FILEA by issuing the following command:
TSS ADD(dept) OTRAN(FILX) TSS ADD(dept) FCT(FILEA)
TSS MODIFY FACILITY(CICSPROD=BYPADD(TRANID=transaction_name+A))
The TSSUTIL report lists the violations. You need to accumulate enough data to determine which ACIDs need to be permitted to the transaction and resources.
TSS MODIFY FACILITY(CICSPROD=BYPREM(TRANID=transaction_name))
Example: TRANID Bypass List with Added Transactions
In this example, the CSMI and FILX transactions have been modified with the (+A) extension:
TSS9550I FACILITY DISPLAY FOR CICSPROD TSS9570I BYPASS TABLE DISPLAY FOR FACILITY CICSPROD TSS9571I RESOURCE=LOCKTIME BYPASS NAMES: TSS TSS9571I RESOURCE=TRANID BYPASS NAMES: CAQP CATA CATD CATP TSS9572I CATR CAUT CCIN CCMF CDBD CDBN CDBO CDBT TSS9572I CDTS CECS CEGN CEHP CEHS CESC CESF CESN TSS9572I CFTS CGRP CITS CLQ2 CLR1 CLR2 CLS3 CLS4 TSS9572I CMPX CMTS CNPX COVR CPLT CPMI CQPI CQPO TSS9572I CQRY CRDR CRMD CRSQ CRSR CRSY CRTE CRTR TSS9572I CSAC CSCY CSFU CSGM CSGX CSHR CSIR CSJC TSS9572I CSKP CSLG CSMI+A CSM1 CSM2 CSM3 CSM4 CSM5 TSS9572I CSNC CSNE CSPG CSPK CSRK CSPP CSPQ CSPS TSS9572I CSRS CSSC CSSF CSSN CSSX CSSY CSTA CSTB TSS9572I CSTE CSTP CSTT CSXM CSXX CSZI CVMI CVST TSS9572I CWTR CXCU CXRE CXRT TS 8888 9999 .... TSS9572I .... .... .... .... .... CFTL CFSL CKTI TSS9572I CKAM CFCL CIOD CIOF CIOR CIRR CJTR CSHA TSS9572I CSHQ CSOL CTSD CWBG CWXN CDBF CEX2 CFQR TSS9572I CFQS CSFR CSQC CDBQ CRMF CLSG CFOR CJMJ TSS9572I CLS1 CLS2 CPIH CPIL CPIQ CRTP CWXU CPIR TSS9572I CPIS CISC CISD CISE CISR CISS CIST CJGC TSS9572I CJPI CISB CEPD CEPM CISQ CISU CISX CIS4 TSS9572I CRLR CISM CEPF CPSS CJSR CESL CISP CIS1 TSS9572I CJSL CRST CPCT CFCR CJLR FILX+A TSS9571I RESOURCE=TRANID PROTECT NAMES: CEDF TSEU
Example: Logging That Shows Transaction Execution Violations
In this example, CSMI and FILX transaction execution results in logged violations:
05/09/07 11:19:59 XE56 C230AOR CTS230A K F DFHMIRS EXECUTE NONE *08*-88 +CSMI FILE
05/09/07 11:19:59 XE56 LUGBR06 CTS230A K F DFHMIRS EXECUTE NONE *08*-88 Q +CSMI PGMFILE
S0006051 A56L810
05/09/07 11:19:59 XE56 LUGBR06 CTS230T C F PGMFILX EXECUTE NONE *08*-88 +FILX FILEA
S0006050 A56L810
05/09/07 11:19:59 XE56 C230AOR CTS230A K F DFHMIRS READ NONE *08*-88 F +FILEA
S0006051
|
Copyright © 2014 CA Technologies.
All rights reserved.
|
|