Resource Cache Processing

Implementing Security › Using Resource Caching › Resource Cache Processing

Resource Cache Processing

When a resource validation is required, CA Top Secret scans the terminal's resource cache for the requested resource before asking the host CA Top Secret system to perform the validation. If the requested resource name does not match one of the resource cache entries, or if AUDIT is set and the cache entry is marked for audit, the host is asked to perform a normal resource validation. The result of the host resource validation determines whether the resource is added to the resource cache.

If the user is allowed access to the resource, CA Top Secret adds the current resource as a new entry to the cache buffer.
If the resource cache is too full to accept another allowed resource, the least frequently accessed entry in the cache is dropped to make room for the new entry.
If the user is flagged for AUDIT, if the resource name is in the AUDIT record, or if the resource class is flagged for AUDIT, and CICSCACHE has been set for AUDIT, then the AUDIT flag is set for that resource in the cache, to remind the security product that a full resource check is required on the next access.
If the result of the host resource validation is to deny access, the resource cache is not updated and normal violation processing takes place.
If a requested resource is found in the cache, CA Top Secret assumes that access is allowed, but security processing (password verification) is still performed. However, certain permission restrictions will not be checked, as described above.
If host resource validation is done in WARN mode and a user is not allowed to access a resource, the resource is not added to the cache if such validation would otherwise fail when running in FAIL mode.