If LOCK resource security is enabled, when an LTERM is specified on a LOCK or UNLOCK command, IMS performs a security validation to see if the user is allowed to LOCK or UNLOCK the terminal.
IMS uses a SAF call to invoke CA Top Secret LTERM security. The resource class for these LTERM security calls is formed from the prefix "L" and the value established for the RCLASS parameter (which defaults to "IMS").
Note: This is the same resource class that IMS uses for RAS LTERM validation.
Rather than use RCLASS to distinguish security permissions for different regions, CA Top Secret encourages the administrator to make use of separate facilities for distinguished regions and to distinguish region-specific permissions by FACILITY.
If LOCK resource security is enabled, the security administrator must create an RDT entry for the LTERM resource class.
This example assumes the use of the LIMS resource class for LTERM security:
TSS ADD(RDT) RESCLASS(LIMS)
RESCODE(xx)
MAXLEN(8)
The following instructions assume the use of the LIMS facility for LTERM security. The administrator should substitute their non‑standard LTERM resource class, if one is in use.
LIMS is a general resource that can be ADDed to establish ownership:
TSS ADDTO(acid) LIMS(lterm)
To allow the user to LOCK or UNLOCK the terminal, enter:
TSS PERMIT(acid) LIMS(lterm)
FACILITY(IMSPROD)
TSS PERMIT(acid) LIMS(lterm)
The first permission allows the user to LOCK and UNLOCK the terminal only in regions using the IMSPROD facility. The second permission allows the user to LOCK and UNLOCK the terminal unrestricted by facility.
The MIMS resource class documented in the IMS product documentation for LTERM grouping has no meaning in CA Top Secret. You can use profiles for LTERM grouping, or permit individual LTERMs in the LIMS resource class.
|
Copyright © 2013 CA Technologies.
All rights reserved.
|
|