Implementing CA Top Secret › Transaction Level Security
Transaction Level Security
Transaction level security is effective for end‑users only. A programmer can design an application to link to the program behind the transaction and get into the protected application by bypassing the transaction level security. If the files available within the facility are not protected a programmer can modify the program to access the files available behind the transaction level security. Proper program change controls limit these types of exposures.
If you choose to implement transaction level security with LCF, consider the following:
- Transactions (or task codes for CA‑IDMS) are the most obvious element of the application. Determine which users require which transactions and define those requirements to CA Top Secret.
- Transactions using LCF are not resources that can be owned. Therefore:
- You cannot use the TSS WHOHAS command to determine who has access to the transactions.
- Transactions do not fall under the control of administrative scope. As a result, you cannot effectively decentralize their administration. An CA Top Secret administrator at any level can or cannot administer all transactions.
If you choose to secure transactions through OTRAN, consider the following:
- Transaction ownership is global. Once a transaction is owned it must be administered across all facilities.
- OTRANs are general resources and TSS WHOHAS can be used to help administer them.
Copyright © 2014 CA Technologies.
All rights reserved.
|
|