CA Top Secret resource authorization processing considers the period character (.) as a delimiter. This delimiter is used when permitting masked resources, such as, when providing security for data sets.
Path names use the slash character as a delimiter. Before a file is validated, the path name has all slash characters (except the first) translated into a period. Other special characters are translated into the dollar sign ($). These include characters that are used as masking characters in resource permissions. If not translated, these characters could create undesired results. The special characters include the period, asterisk, dash, plus, blank, and quote. An exit point is provided which can further modify any character to meet special needs, with the exception of the slash character which is always translated to a period delimiter.
The following table shows examples of path name translation:
|
Original path name |
Translated path name |
Sample resource authorizations |
Security action |
|---|---|---|---|
|
/bin/su |
/BIN.SU |
TSS PER(USER01) HFSSEC(/BIN.SU) ACCESS(NONE) |
No access to switch user command |
|
/u/user01/proj1/ file1.txt |
/U.USER01.PROJ1.FILE1$TXT |
TSS PERMIT(USER01) HFSSEC(/U.%.PROJ1.FILE1$TXT) ACCESS(ALL) |
All access allowed |
|
/usr/sbin/mknod |
/USR.SBIN.MKNOD |
TSS PER(SYSPROG) HFSSEC(/USR.SBIN.MKNOD) ACCESS(ALL) |
Allow system programmers to create special characters |
|
Copyright © 2014 CA Technologies.
All rights reserved.
|
|