CA Top Secret command security is controlled by the TYPE=RACFCOM parameter of the IMS system definition SECURITY macro, and by the RCF= IMS initialization parameter.
Depending on how the command enters IMS, other IMS initialization options may also affect CA Top Secret command security.
IMS uses a SAF call to invoke CA Top Secret command security. The resource class for these command security calls is formed from the prefix "C" and the value established for the RCLASS parameter (which defaults to "IMS").
CA Top Secret provides a system-supplied resource class CIMS.
Rather than use RCLASS to distinguish security permissions for different regions, CA Top Secret encourages the administrator to make use of separate facilities for distinguished regions and to distinguish region-specific permissions by FACILITY.
The following instructions assume the use of the CIMS facility for command security. The administrator should substitute their non‑standard command resource class, if one is in use.
CIMS is a general resource that can be ADDed to establish ownership:
TSS ADDTO(acid) CIMS(command)
To allow users access to the command, enter:
TSS PERMIT(acid) CIMS(command)
FACILITY(IMSPROD)
TSS PERMIT(acid) CIMS(command)
The first permission allows the user to execute the command only in regions using the IMSPROD facility. The second permission allows the user to execute the command unrestricted by facility.
Note: The resource name in the IMS SAF call that invokes CA Top Secret command security is the first three characters of the command verb, not the entire command verb. When you issue the TSS command to administer command security, the resource name must be limited to these three characters.
This example permits access to the IMS START command:
TSS PERMIT(acid) CIMS(STA)
|
Copyright © 2013 CA Technologies.
All rights reserved.
|
|