z/OS brings the MVS and UNIX operating systems together onto one hardware platform. Although some interoperability between MVS and UNIX exists, each environment retains its own distinct data structures and methods of access control.
UNIX data is kept in a Hierarchical File System (HFS). From the UNIX perspective, the HFS contains many discrete data files. From the MVS perspective, the HFS is one data set and can only be controlled as one data set. MVS can control access to the entire file system, but not to the individual files within the HFS.
HFS files are protected by file permission bit settings set when the file owner creates the file. Centralized administration can be performed only by a superuser, a user privilege that grants much more authority than just security administration. MVS resources are protected by resource access that can be set up in advance by scoped security administrators.
CA SAF HFS security provides single‑point security access control, administration, and reporting for both MVS and UNIX resources. CAIENF services present access events to CA Top Secret for validation. Administrators use familiar commands and rules to protect UNIX files and functions, restricting access based on the CA Top Secret ACID permissions instead of the UNIX UID or GID numbers. HFS access logging and violations are reported in the standard CA Top Secret reports.
Copyright © 2014 CA Technologies.
All rights reserved.