When a started task is associated with a multi-user address space, the ACID assigned to the PROCNAME is associated with a MASTFAC attribute.
When a user connects to the address space through VTAM, or other telecommunication method, the MASTFAC assigns a facility from the CA Top Secret FACILITY matrix, which each session's user is required to have. Parameters from the FACILITY matrix provide additional security policies to all sessions connected to the address space.
This example assigns the CICSTEST facility to procedure CICST1 and requires all users signing onto that region to have the CICSTEST facility. CICSPEON connects to procedure CICST1 through its applid, and signs on using CESN with the USERID and PASSWORD 'CESN USERID=CICSPEON,PS=POWRLSS':
TSS CREATE(CICST1) TYPE(USER)
NAME ('CICS TEST REGION')
FACILITY(STC,CICSTEST)
PASSWORD(NOPW,0)
DEPARTMENT(CICSDP)
MASTFAC(CICSTEST)
TSS ADD(STC) PROCNAME(CICST1)
ACID(CICST1)
TSS CREATE(CICSPEON) TYPE(USER)
NAME('LOWLEVEL USER')
FACILITY(CICSTEST)
PASSWORD(POWRLSS)
DEPARTMENT(CICSDP)
In this example, CICSPEON can not sign on as its facility CICSTEST does not correspond to the CICSPROD facility associated with ACID CICSP1's MASTFAC:
TSS CREATE(CICSP1) TYPE(USER)
NAME ('CICS TEST REGION')
FACILITY(STC,CICSPROD)
PASSWORD(NOPW,0)
DEPARTMENT(CICSDP)
MASTFAC(CICSPROD)
TSS ADD(STC) PROCNAME(CICSP1)
ACID(CICSP1)
For information, see the Control Options Guide and Implementation Guides.
|
Copyright © 2013 CA Technologies.
All rights reserved.
|
|