The following section discusses auditing and the TSSUTIL report program.
If the SYS1.MANx SMF data sets are MLS-protected in your system, you must sign on with an MLS security label that dominates that of the SYS1.MANx SMF data sets to read the data from them. Since the SYS1.MANx data sets are generally classified with the highest label in the system, your signon security label will generally be SYSHIGH.
If MLS validation allows access to the SYS1.MANx data sets, CA Top Secret will perform subsequent DAC checks of whether the user submitting the utility is authorized to view or manipulate the input SMF data.
The TSSUTIL report generator processes the SMF or Audit/Tracking File records issued by CA Top Secret to provide an updated activity report for system entry requests and requests to access resources. When MLS is active, the following new fields are captured whenever an unauthorized attempt is made to access a classified data set:
The 8-byte user session seclabel
The 8-byte resource seclabel
|
Copyright © 2010 CA Technologies.
All rights reserved.
|
|