After installation, all STCs bypass security. The following STC definitions are required:
If the default STC ACID is BYPASS, then no additional definitions are required. Any valid STC ACID can be used with INIT, so that the starting batch initiator will not log as initiating BYPASS:
TSS ADDTO(STC) PROCNAME(INIT)
ACID(BYPASS)
If the default is FAIL, then an explicit definition must be given for INIT, either as BYPASS or by using an ACID that has a facility (STC).
TSS ADDTO(STC) PROCNAME(INIT)
ACID(STCACID)
The recommended approach is to explicitly define an ACID for JES (using whatever name is desired) and adding it to the STC record. BYPASS should not be used with JES unless there are no installation‑provided JES exits that invoke CA Top Secret and the installation is not using JES(VERIFY). In all cases, it is best to create an ACID for JES.
For example:
TSS CREATE(JES) NAME('JES ACID')
PASSWORD(NOPW,0)
DEPARTMENT(STCDEPT)
FACILITY(STC)
TSS ADDTO(STC) PROCNAME(JES2)
ACID(JES)
If the default STC ACID is BYPASS, then no additional definitions are required. Any valid STC ACID can be used with LLA so that the restarting LLA will not log as initiating BYPASS. See the previous INIT explanation for examples.
Note: When restarting LLA from an undefined terminal or ACID, two messages are received:
TSS7220E: 101 J=lla A=*missing
and
CSV244I CSV READ ACCESS DENIED
To correct this error, you must either PERMIT SYS1.PARMLIB to the ALL Record, or give access to the data set name for the ID starting the LLA.
BYPASS should be assigned either by the STC default (if the STC default is BYPASS) or by an explicit definition. Care must be taken to properly define these STCs.
|
Copyright © 2014 CA Technologies.
All rights reserved.
|
|