Security for an APPC/OS/390 environment is discretionary and should be based on the sensitivity of your resources and on the relationship between the conversing systems. If, after careful consideration, you decide that you need to add some security measures, there are several different levels you can employ. They are:
In a minimally secured APPC environment, the ASCH started task must be permitted READ access to SYS1.PARMLIB. The APPC started task requires READ access to SYS1.PARMLIB and UPDATE access to the TP profile and side‑information data sets. The ASCHINTS, APPC, and ASCH started tasks must also be granted access to the APPC facility.
Security at the LU‑LU level can be provided through a combination of CA Top Secret and VTAM options. By using the APPCLU Record Table you can define which LUs can be used for an APPC conversation and what, if any, security information is required for that link to take place. By using the VTAM VERIFY option and the CA Top Secret VTAMAPPL and APPLICATION resources you can determine which ACBs can be opened to establish a session between authorized LUs and what degree of security checking will take place. CONVSEC security can further extend these security restrictions to the conversation level.
Security on a TP‑to‑TP level limits which users have access to certain APPC resources and is provided through CA Top Secret keywords. For example, you can restrict USER01 so that he can only execute those TPs identified by the PERS.database token-you can even force him to execute those TPs from a particular LU.
Furthermore, the administration of the TP profile and side‑information data sets can be limited to a particular individual or individuals. Administration of the APPCLU record can also be limited by using the TSS ADMIN command function.
|
Copyright © 2013 CA Technologies.
All rights reserved.
|
|