Introduction

This section contains the following topics:

Using Command Functions

Command Syntax

Entry Methods

Online Processing of Commands

Administrative Authority

Generic Prefixing

Using Command Functions

Security administrators use CA Top Secret command functions to communicate their administrative requirements to CA Top Secret. These requirements can range from the creation of an ACID to the definition of resource ownership.

CA Top Secret command functions are independent of the system facility. The security administrator uses command functions in the same manner, regardless of whether the facility is TSO, CICS, BATCH, CA‑Roscoe®, IMS, or CA‑IDMS®.

Command Syntax

CA Top Secret command syntax has the following format:

TSS FUNCTION(ACID|ACIDS|ALL|APPLU|AUDIT|DLF|FDT|MLSSTC|NDT|RDT|SDT)
    KEYWORD(OPERAND)[/* COMMENTS */]

TSS

CA Top Secret commands always begin with TSS.

FUNCTION

Specifies the function CA Top Secret performs. The rules for the function are:

The function must immediately follow the TSS
There can be one function only per TSS command
One or more spaces must be entered between TSS and the function

ACID|ACIDS|ALL|APPLU|AUDIT|DLF|FDT|MLSSTC|NDT|RDT|SDT

Specifies the ACID being affected by the function.

KEYWORD

Specifies the resource type or security attribute being processed by the function. The rules for the keywords are:

Keywords can be entered in any order.
Keywords must be entered in full. Some keywords will not work if shortened.
Keywords can be entered from line to line without special action.
The last keyword on a continuing line must be followed by a blank and a dash. The next keyword can be entered on the next input line.

OPERAND

Specifies the prefix, resource name, required value, or name for a security attribute. The rules for operands are:

Operands must be provided
() is required to indicate no value
If an operand is missing, any following keyword is ignored

COMMENTS

Enter comments at any point in a command after the first keyword.

The rules for comments are as follows:

Comments must begin with /*.
Comments should end with */, but this requirement may not apply to all cases.
If a comment is not terminated with */ AND, the command line ends without a dash and the command and comment are considered complete.
Comments may appear anywhere after the first KEYWORD and may be followed by additional keywords provided the closing */ exists.
Comments are maintained on the command when logged to the Recovery File. This tool may be useful for documenting the reason the administration was performed.

Entry Methods

CA Top Secret functions can be entered freeform onto the command screen of an online terminal, or into any of the CA Top Secret administration panels.

Example: command syntax

This example creates the user USER01 with all of their required properties:

TSS CREATE(USER01) TYPE(USER)
                   NAME('H.PARKER')
                   PASSWORD(1234,30,EXPIRE)
                   SOURCE(GRAF0076)
                   PROFILE(BUDGET,TAXES,CRIME)
                   DSNAME(SYS.01)
                   DEPARTMENT(DEPTB01)

Access Administration Panels

TSS command functions can be entered and changed using the CA Top Secret full‑screen administration panels, if the TSO installation uses IBM's System Productivity Facility (SPF or ISPF), or if the administrator is running under CMS. These panels provide the administrator with a fill‑in‑the‑blank application for the TSS command.

To access the CA Top Secret selection panel

Access the ISPF/PDF Primary Option Menu.

Enter the option identifier corresponding to CA Top Secret security into the OPTION field of the ISPF Menu.

The system displays the CA Top Secret Selection Panel:

P000001           Security Administration Main Menu          CA TOP SECRET
===>                                                                         
                                                                              
                                                                              
Concerning Me...                       Resource Administration                
  1  Who am I?                          21  Assign/remove resource ownership  
  2  Lock my terminal                   22  Permit/revoke resource access     
  3  Unlock my terminal                 23  Display resource access/ownership 
                                        24  Certificate Management processing 
ACID Administration                                                           
 11  Create ACID                       CA TOP SECRET System Administration    
 12  Change ACID attributes             32  Modify security tables            
 13  Assign administrative authority                                          
 14  Display ACID information, REFRESH ACID                                   
 15  Acid Compare/Modeling                                                    
                                                                              
Options for TSS Administration Session                                        
                                                                              
   ( _ ) List after successful command                                        
   ( _ ) Clear after successful command                                       
   ( _ ) Display TSS command text            
                                 
PF1= Help     2= Defaults 3= End       4= Return    5=           6=  
PF7= Up       8= Down     9=          10=          11=          12=

Online Processing of Commands

When an ACID enters a CA Top Secret command function, CA Top Secret:

Parses the entry for the correct syntax
Determines if the ACID contains the proper administrative authority and scope to enter the command function
Executes the command

Command Response Messages

Command functions cause CA Top Secret to issue a variety of messages. For information, see the Messages and Codes Guide.

If a command is successful, CA Top Secret issues the message:

TSS0300I xxxx FUNCTION SUCCESSFUL.

If a command fails CA Top Secret issues the message:

TSS0301I xxxx FUNCTION FAILED, RETURN CODE = XX

XX

Specifies the return code. Possible values are:

4—Syntax error or not authorized for this function
8—Functional Error (such as data set not found) or insufficient administration authority
16—Unexpected Error (message TSS0390E will also be issued)

Message TSS0301I is followed by a message in the TSS0200 series that explains the cause of the problem.

Administrative Authority

CA Top Secret processes only command functions (with the exceptions of HELP and WHOAMI) issued by ACIDs who have administrative authority. This administrative authority is limited to the scope of the administrator.

Generic Prefixing

Generic prefixing, designated with a (G), allows the administrator to identify multiple VMUSER IDs. This is used with:

The PERMIT command
The ACID types User, Profile, DCA, VCA, ZCA, LSCA, SCA, MSCA, and ALL
CPCMD(XAUTH)

Example: generic prefixing

This example permits a System's Programmer to use the spooling command CHANGE for files belonging to any user ID prefixed with TDG:

TSS PERMIT(SYSPROG) CPCMD(CHANGE)
                    VMUSER(TDG(G))