

STC Accountability

Operators, systems programmers, and production control personnel continuously have access to the O/S consoles and started tasks. Each day, hundreds of STCs may be executed without any record to indicate who entered the started task.

To provide operator accountability, CA Top Secret allows a security administrator to force the operator executing the STC to provide identification. The security administrator with MISC9 administrative authority can ADD an STCACT attribute to the STC definition.

The STCACT attribute forces the operator to enter an accountability ACID and PASSWORD. Normally, this is the ACID and password of the console operator; however, administrators may provide for different ACIDs to correspond with their auditability needs.

If the ACID or password entered is invalid, the STC does not execute, and an audit trail of the failure is logged to the SMF or AUDITx files.

If the ACID and password are valid, an audit trail is logged with both the ACID and password supplied for STC accountability, and with the ACID assigned for started task execution. For information on logging and reporting, see the Report and Tracking Guide.

The following example assigns the ACID IMS to all started tasks whose procedure name begins with the characters "IMS" and prompts the operator for identification:

TSS ADD(STC) PROCNAME(IMS*)
             ACID(IMS)
             STCACT

When the optional STCACT attribute is designated, the operator is prompted for their ACID and password. This provides accountability for the task's START command. The START command accountability ACID and password are usually separate from the PROMPT ACID and password under whose authority the task executes. The START command accountability ACID cannot have NOPW as a password.