MASKREC Keyword—Overlay FCT Values

Keywords › MASKREC Keyword—Overlay FCT Values

MASKREC Keyword—Overlay FCT Values

Use the MASKREC keyword in conjunction with SELECT and RECORD SDT specifications to overlay the values on file for an FCT and thus provide field‑level protection under Record Level Protection (RLP). When MASKREC is supplied for an FCT PERMIT, SELECT is also required. The association with RECORD is implicit by matching the FCT resource‑name with the RECORD.

The administrator can:

Specify the same access levels associated with an FCT resource: SET, INQUIRE, ALL, BROWSE, DELETE, NONE, READ, and UPDATE. If ACCESS is not specified, CA Top Secret defaults to READ access.
Use any of the following methods to control access: Expiration, Facility, Time/Day, and Actions.

This keyword has the following format for PERMIT/REVOKE:

TSS PERMIT(acid) FCT(oper)
                 ACCESS(access‑level)
                 MASKREC(mask‑name)
                 SELECT(selread)

Capacity of list: One MASKREC and SELECT statement per TSS command
mask‑name: Specifies the SDT MASKREC name applied to the PERMIT.
selread: Specifies the SDT SELECT name used as the selection process for all file accesses.

This keyword is used with:

The ACID types User, Profile, DCA, VCA, ZCA, LSCA, SCA, and MSCA
MISC3(SDT) authority

Examples: MASKREC keyword

This example gives ALL access on the FCT(PAY) provided that the SELECT logic defined for ISDEPT interpreting field names with RECORD(PAY) is TRUE. The fields defined for MASKREC(CRYPT1) are overlaid with the mask‑characters specified to prevent users from seeing these fields.

TSS ADDTO(SDT) MASKREC(CRYPT1)
               MASKDATA(PAY,PACKED,110,6,000000)

TSS PERMIT(USR01) FCT(PAY)
                  ACCESS(ALL)
                  MASKREC(CRYPT1)
                  SELECT(ISDEPT)

This example revokes access:

TSS REVOKE(USR01) FCT(PAY)