Converting SMU Control Statements to CA Top Secret › Terminal Based Security to CA Top Secret Conversion › The TSSISMU4 Utility

The TSSISMU4 Utility

Use the TSSISMU4 utility to provide a skeleton for the security policy in a conversion from SMU terminal security to CA Top Secret. This security policy can be for either a user-based or terminal-based security implementation.

The utility processes the SMU security definitions for the IMS region being converted.

If the conversion is to a user-based security policy:

• For each unique transaction or command in a SMU terminal security definition, the utility checks if the resource is currently owned in CA Top Secret.
• If the resource is not owned in CA Top Secret, the utility generates an ADDTO statement to give ownership of the resource.
• For each terminal/transaction or terminal/command combination in the SMU definitions, the utility generates a PERMIT statement for the IMS transaction or command, with a dummy value in the ACID initialized to the IMS logical terminal name.
• Determine who the users are who require access to the transaction or command, and change the ACID value in the PERMIT statement to reflect those users.
• If necessary, the PERMIT statement can be duplicated to permit access from different sets of users.

If the conversion is to a terminal-based security policy based on automatic terminal signon:

• For each unique terminal in the SMU terminal security definition, the utility generates a CREATE statement to create an ACID for the IMS logical terminal name.
• For each transaction or command in a SMU terminal security definition, the utility checks if the resource is currently owned in CA Top Secret.
• If the resource is not owned in CA Top Secret, the utility generates an ADDTO statement to give ownership of the resource.
• For each terminal/transaction or terminal/command combination in the SMU definitions, the utility generates a PERMIT statement to permit the LTERM ACID access to the IMS transaction or command.
• Determine what IMS physical terminal name corresponds to the LTERM name in the SMU definition. This physical terminal name is obtained from the IMS system definitions (IMS stage 1). Then change the LTERM value in the CREATE and PERMIT statements to the physical terminal name.

Examples: TSSISMU4 conversion

In this example, the TSSISMU4 utility is executed with PARM='ATS,OWNUSER,IMSPROD,IMSDEPT', and the SMU input is:

)( TERMINAL TERM1
  TRANSACT PAYINQ
  COMMAND DISPLAY

The utility generates the following PERMIT commands:

TSS CREATE(TERM1) TYPE(USER)
                  NAME('ATS terminal')  	
                  PASSWORD(TERM1)
                  SOURCE(TERM1)
                  NOSUSPEND	
                  DEPT(IMSDEPT)
                  FAC(IMSPROD)
TSS ADDTO(OWNUSER) OTRAN(PAYINQ)
TSS ADDTO(OWNUSER) CIMS(DIS)	
TSS PERMIT(TERM1) OTRAN(PAYINQ)
                  FAC(IMSPROD)
TSS PERMIT(TERM1) CIMS(DIS)
                  FAC(IMSPROD)

In this example, the TSSISMU4 utility is executed with PARM='USER,OWNUSER,IMSPROD' and the SMU input is:

)( TRANSACT PAYINQ
   TERMINAL TERM1
   TERMINAL TERM2

The utility generates the following PERMIT commands:

TSS ADDTO(OWNUSER) OTRAN(PAYINQ)
TSS PERMIT(TERM1) OTRAN(PAYINQ) FAC(IMSPROD)
TSS PERMIT(TERM2) OTRAN(PAYINQ) FAC(IMSPROD)

TSSISMU4 Authorization Requirements

There are two steps to the TSSISMU4 utility process.

• Execute the TSSCFILE utility to obtain the current resource ownership information for IMS transactions and commands. This step should be executed by the MSCA to ensure that all security information is obtained.
• Executes the TSSISMU4 utility. There are no authorization requirements for the TSISMU4 utility.

Sample TSSCFILE JCL

This sample JCL executes the TSSCFILE utility:

//    JOB …
//TSSCFILE   EXEC PGM=TSSCFILE
//OUT        DD  DSN=tsscfile.output,
//           DISP=(NEW,CATLG,DELETE),
//           UNIT=SYSDA,
//           VOL=SER=vvvvvv,
//           SPACE=(CYL,(10,10),RLSE),
//           DCB=(RECFM=FB,LRECL=300) 
//PRINT      DD  SYSOUT=*
//IN         DD  *
TSS WHOOWNS OTRAN(*)
TSS WHOOWNS CIMS(*)
//

OUT

This DD statement specifies the output data set created by the TSSCFILE utility containing the output of the TSS WHOOWNS commands. This data set is used as input to the TSSISMU4 utility.

This must be a sequential data set with a record length of 300.

PRINT

This DD statement specifies the utility report data set created by the TSSCFILE utility.

IN

This DD statement specifies the data set containing the TSS CFILE input commands. These commands are required and must be entered exactly as shown.

Sample TSSISMU4 JCL

This sample JCL executes the TSSISMU4 conversion utility:

//    JOB …
//TSSISMU4   EXEC PGM=TSSISMU4,
//           PARM='USER|ATS,owner,imsfac,department' 
//TSSCFILE   DD  DSN=tsscfile.input,DISP=SHR     
//SMU        DD  DSN=smu.input,DISP=SHR          
//TSSCMDS    DD  DSN=tsscmds.output,DISP=SHR     
//        

USER|ATS

Controls whether the output from the utility is for a user-based conversion process (USER) or a terminal-based conversion process (ATS).

Owner

Specifies the ACID used in the ADDTO statement giving ownership of IMS transactions or commands that are not already owned. If different owning ACIDs are desired for different IMS resources, a placeholder literal such as ???????? can be specified. The TSSCMDS data set can then be edited, and the correct values for the owning ACIDs substituted before the commands are executed.

Imsfac

Specifies the facility name of the IMS control region whose SMU input is being converted. This value is used in the TSS CREATE statements for the terminal ACIDS (ATS conversion only) and the PERMIT statements that are generated to give access to the transactions and commands in the IMS region.

Department

This parameter is only required if the first value in the parameter list is ATS. The value is used in the TSS CREATE statements to create ACIDs for the terminal names. The terminal ACIDs are defined in the specified department.

TSSCFILE

This DD statement specifies the input data set containing the TSSCFILE input for transaction and command ownership.

This must be a sequential data set with a record length of 300.

SMU

This DD statement specifies the input data set containing the SMU statements for the IMS region being processed.

This must be a sequential data set with a record length of 80.

TSSCMDS

This DD statement specifies the output data set created by the TSSISMU4 utility, containing the TSS statements generated by the conversion utility. This must be a sequential data set with a record length of 80.