If you are using OTMA in an IMS environment with IMS r10 and above, you can protect messages on OTMA asynchronous hold queues from unauthorized use of the RESUME TPIPE request.
If security is enabled for the TPIPE hold queues, the userid issuing a RESUME TPIPE request must be authorized to access the TPIPE name in the RESUME TPIPE request before TPIPE messages are sent to the OTMA client.
IMS uses a SAF call to invoke CA Top Secret TPIPE security. The resource class for these TPIPE security calls is formed from the prefix R and the value established for the RCLASS parameter (defaults to IMS).
Rather than use RCLASS to distinguish security permissions for different regions, CA Top Secret encourages the administrator to use separate facilities for distinct regions and to distinguish region-specific permissions by FACILITY.
To enable TPIPE security, the security administrator must create an RDT entry for the TPIPE resource class.
Examples: TPIPE security
This example assumes the use of the RIMS resource class for TPIPE security:
TSS ADD(RDT) RESCLASS(RLIMS)
RESCODE(xx)
MAXLEN(8)
The following instructions assume the use of the RIMS facility for TPIPE security. If in use, substitute any non standard TPIPE resource class.
This example establishes ownership of the RIMS is a general resource:
TSS ADDTO(acid) RIMS(tpipe)
This example allows the user to issue the RESUME TPIPE request for the TPIPE only in regions using the IMSPROD facility:
TSS PERMIT(acid) RIMS(tpipe)
FACILITY(IMSPROD)
This example allows the user to issue the RESUME TPIPE request for the TPIPE unrestricted by facility.
TSS PERMIT(acid) RIMS(tpipe)
|
Copyright © 2013 CA Technologies.
All rights reserved.
|
|