Under CA IDMS, each user signed on to the region occupies part of the CA IDMS address space. Consequently, when a user requests access to a resource, the operating system "sees" CA IDMS performing the access-not the individual user. This process is typical of multi-user address spaces in general (like CICS). Therefore, to verify resource accesses on the individual user level, CA IDMS must issue its own security checks on behalf of the user performing the resource access. Since CA IDMS performs these checks for all users within the address space, there is no reason for MVS to perform a duplicate check for CA IDMS.
However, you should note that this resource checking is performed by the CA IDMS External Security Manager.
CA IDMS controls whether the same user signs on more than once by using the MULTIPLE SIGNON parameter. If this parameter is set to YES, a user can sign on to multiple terminals. Each signon after the first one shares the ACEE from the first terminal the user signed on to; therefore, subsequent signons will not be traced.
Since there is only one signon from the viewpoint of CA Top Secret, setting SIGN(S) on the facility will not disable the feature. To refresh a user's security environment when using MULTIPLE SIGNON, the user must sign off of all terminals before signing back on.
|
Copyright © 2013 CA Technologies.
All rights reserved.
|
|