Valid on z/OS, z/VM, and z/VSE.
Use the FACILITY keyword to:
When used with ADMIN, this keyword has the following format:
TSS ADMIN(acid) FACILITY(facility name(s))
When used with ADDTO, this keyword has the following format:
TSS ADDTO(ACID|ALL) FACILITY(fac,fac,.... | ALL)
When used with PERMIT, this keyword has the following format:
TSS PERMIT(acid) resource(prefix(es))
FACILITY(facility name)
If the FACILITY keyword is not specified in a PERMIT function, CA Top Secret allows the user to access the resource from any facility that is authorized for that user.
Note: Specifying the FACILITY keyword on a PERMIT command does not require the administrator to have authority to grant an ACID signon ability to the facility. Therefore, an administrator may enter this command even though the administrator does not have authority for the facility name. However, the administrator must have XAUTH authority for the resource class.
Facilities listed as operands must reside in the site's Facilities Matrix Table. This is done by specifying the ACTIVE sub-option of the FACILITY control option for that facility.
The control options that can be used with FACILITY are:
FOR or UNTIL
TIME and/or DAY; TIMEREC and/or CALENDAR
FAIL, NOTIFY, AUDIT, DENY
SYSID
Note: You can also control mode by facility for an individual user by using the FACILITY keyword on a TSS PERMIT command. For example:
TSS PERMIT(USER01) MODE(WARN)
FACILITY(BATCH,TSO)
This keyword is used with:
This example authorizes user NJ014 to access both z/VM and TSO:
TSS ADDTO(NJ014) FACILITY(VM,TSO)
This example authorizes USER05 to sign on to CICS on Monday, Wednesday, and Friday from the hours of 9 a.m. to 5 p.m. for the next 10 days and to audit the ACID's activity:
TSS ADDTO(USER05) FACILITY(CICS)
DAYS(MON,WED,FRI)
TIMES(9,17)
FOR(10)
ACTION(AUDIT)
This example authorizes a user to access all facilities currently active in the installation:
TSS ADDTO(acid) FACILITY(ALL)
Note: This authorization also gives the user access to all subsequently added facilities.
This example removes access to a facility:
TSS REMOVE(NJ014) FACILITY(TSO)
Note: If NJ014 had been authorized to access all facilities via TSS ADDTO(acid) FACILITY(ALL), this command would not remove access to the TSO facility. Instead use ACTION(DENY).
This example authorizes a user to access all facilities except CICSPROD:
TSS ADDTO(ACID) FACILITY(ALL)
TSS ADDTO(ACID) FACILITY(CICSPROD)
ACTION(DENY)
This example allows all users to access the TSO facility between the hours of 9 a.m. and 5 p.m:
TSS ADDTO(ALL) FACILITY(TSO)TIME(09,17)
This example allows the user to use the TSO facility, but only on the system that has an SMFID of TSO1:
TSS ADD(useracid) FACILITY(TSO) SYSID(TS01)
This example allows user ED001 to have READ access (default) to tutorial data sets through both TSO and BATCH:
TSS PERMIT(ED001) DSNC(TUTORIAL.DATASET)
ACC(READ)
FAC(TSO,BATCH)
In this example, an SCA gives an administrator the authority to create and maintain ACIDs for CICS users:
TSS ADMIN(BOSSVCA) ACID(CREATE,MAINTAIN)
FACILITY(CICSPROD,CICSTEST)
This entry allows the TSS administrator to create ACIDs for CICS users or profiles, and would allow the administrator to use various TSS functions (for example ADDTO, MOVE, and RENAME) to maintain those ACIDs.
CA Top Secret does not check an administrator's facility authority when the administrator specifies a FACILITY within a TSS PERMIT function.
Note: Specifying ALL gives the security administrator the authority to add any facility to an ACID.
|
Copyright © 2014 CA Technologies.
All rights reserved.
|
|