Implementing Security for CA IDMS › Implementing Security › Administering Task Security

Administering Task Security

CA Top Secret gives you two options for protecting CA IDMS tasks. You can protect them on the resource level as owned resources through the resource name OTRAN (Owned TRANsaction) or on a user-by-facility basis through the use of the Limited Command Facility (LCF).

To protect tasks, an appropriate entry must be made in the #SRTT to cause CA IDMS to drive external security. You have three options for implementing task security by coding either EXTCLS='LCF', EXTCLS='LCFONLY', or EXTCLS='OTRAN' in the #SRTT entry for RESTYPE=CLASS. An example of the CA-IDMS macros used to protect tasks appears below.

#SECRTT TYPE=ENTRY,
RESTYPE=TASK,
SECBY=EXTERNAL,
EXTCLS='LCF',
EXTNAME=(RESNAME)

For the value EXTCLS='LCF', CA Top Secret tests task security as follows:

• If the task is defined through ownership of an OTRAN resource, determine if EXEC access is permitted to the task.
• If the task isn't defined through OTRAN ownership, test for LCF TRANS and XTRANS rules, and then determine if access is permitted.
• If the CA-IDMS facility XDEF control option is set and neither OTRAN or LCF rules have rejected the access, then reject the access.
• If the CA-IDMS facility NOXDEF control option is set, allow the access.

Note: CA Top Secret automatically checks for OTRAN and LCF permissions for EXTCLS='LCF'.

For an explanation of the LCF, OTRAN, and LCFONLY values, see the User Guide.