Implementing CA Top Secret › Resource Level Security
Resource Level Security
The following considerations apply to resource level security:
- It is more difficult and time‑consuming to determine the resource access requirements for a given application. It is often necessary to involve the applications development group to design effective resource level security.
- CICS, IMS, and CA‑IDMS resources are not owned, therefore:
- The TSS WHOOWNS and TSS WHOHAS commands can be used to determine who is responsible for, and who has access to, these resources.
- Administrative scope applies and administration of resources can be effectively decentralized.
- Resource level security is the most secure level of security, because it prevents programmers from linking into protected programs or accessing protected files within these facilities.
You may find it appropriate to plan an implementation strategy that combines both forms of security. Many organizations initially address transaction level security, and as time permits gradually implement resource level security. Since these facilities allow gradual implementation of resources, even in FAIL mode, this may be the most effective approach for the implementation of CICS, IMS, and CA‑IDMS security for your installation.
Copyright © 2014 CA Technologies.
All rights reserved.
|
|