Control options are categorized as follows:
Includes any control option that changes the security environment. Any non-MCSA user who attempts to change or specify restricted options at the O/S console must supply the name and password (in ACID/password format) of an ACID that contains the CONSOLE attribute or PRIVILEG access to TSSCMD.ADMIN.MODIFY in the CASECAUT resource class.
Requiring this information allows operations supervisors or CA Top Secret administrators to specify control options. It also leaves an audit trail that leads directly to the ACID under which the specification was made.
PRIVILEG access is granted through the following command:
TSS PERMIT(acid) CASECAUT(TSSCMD.ADMIN.MODIFY) ACCESS(PRIVILEG)
Note: When an MSCA changes or specifies a restricted option at the O/S console, the product automatically uses the MSCA's previous password. This process allows for emergency changes without compromising the MSCA's current password.
Includes control options that request product status displays. Unrestricted control options are as follows:
|
Copyright © 2014 CA Technologies.
All rights reserved.
|
|