

Resource Class Translation

Use resource translation to align resource ownership, permission, and reporting with the business use of a given facility. Resource class translation allows you to translate:

Important! Defining new resource classes to the RDT and translating security validations to that class does not imply that all resources within the original class are protected within the new class. Ensure that all resources that require protection are defined as owned and permitted for any classes defined as targets of resource class translation. Consider assigning the default protection attribute to any user-defined resource classes used as targets for translation.

Example: resource class translation

In this example, a system runs multiple CICS regions at the same time, and each CICS region is represented by a unique facility within the matrix. No matter which CICS region initiates a transaction, the OTRAN resource class is assigned to the security validation process. The definition of resource ownership and the reporting and tracking of resource access and violations occur within a single resource class. By defining resource class translation criteria in each CICS facility, the OTRAN class translates into multiple classes for security validation purposes.

TSS MODIFY FACILITY(CICS1=RXLTADD(OTRAN:TRAN1))
TSS MODIFY FACILITY(CICS2=RXLTADD(OTRAN:TRAN2))
TSS MODIFY FACILITY(CICS3=RXLTADD(OTRAN:TRAN3))

When a user enters a transaction in CICS1, the OTRAN resource class is translated to TRAN1, and the security validation process checks for ownership and permission of the resource name within the resource class of TRAN1. Violation and access audit reporting includes both the original resource class and the actual resource class within the report entry if a translation is performed.
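The following sketch is an added example, not vendor code: it parses the three RXLTADD commands above into a per-facility translation table and then checks the condition from the Important note, listing resources that are owned in the original class but not in the class a facility translates to. The ownership inventory and the transaction names (PAY1, PAY2, INQ1) are constructed, and exact-name matching of owned resources is a simplifying assumption.

```python
import re

# Matches the command form shown on this page:
#   TSS MODIFY FACILITY(CICS1=RXLTADD(OTRAN:TRAN1))
RXLT_RE = re.compile(
    r"TSS\s+MODIFY\s+FACILITY\(\s*(\w+)\s*=\s*RXLTADD\(\s*(\w+)\s*:\s*(\w+)\s*\)\s*\)",
    re.IGNORECASE,
)

def parse_translations(commands):
    """Return {facility: {original_class: target_class}} from RXLTADD commands."""
    table = {}
    for line in commands.splitlines():
        m = RXLT_RE.search(line)
        if m:
            facility, original, target = (g.upper() for g in m.groups())
            table.setdefault(facility, {})[original] = target
    return table

def effective_class(table, facility, resource_class):
    """Class the validation uses for this facility (unchanged if no translation)."""
    return table.get(facility, {}).get(resource_class, resource_class)

def coverage_gaps(table, owned):
    """List (facility, target_class, resource) owned in the original class
    but not defined as owned in the class it translates to."""
    gaps = []
    for facility, mapping in sorted(table.items()):
        for original, target in sorted(mapping.items()):
            missing = owned.get(original, set()) - owned.get(target, set())
            gaps.extend((facility, target, r) for r in sorted(missing))
    return gaps

# The three commands from the example above.
COMMANDS = """\
TSS MODIFY FACILITY(CICS1=RXLTADD(OTRAN:TRAN1))
TSS MODIFY FACILITY(CICS2=RXLTADD(OTRAN:TRAN2))
TSS MODIFY FACILITY(CICS3=RXLTADD(OTRAN:TRAN3))
"""

# Constructed ownership inventory (hypothetical transaction names).
OWNED = {
    "OTRAN": {"PAY1", "PAY2", "INQ1"},
    "TRAN1": {"PAY1", "PAY2", "INQ1"},
    "TRAN2": {"PAY1", "INQ1"},
    "TRAN3": set(),
}

if __name__ == "__main__":
    table = parse_translations(COMMANDS)
    for gap in coverage_gaps(table, OWNED):
        print("not owned in target class: %s %s(%s)" % gap)
```

With this constructed inventory, CICS1 is fully covered, while CICS2 and CICS3 each translate to a class in which some transactions from OTRAN have no ownership defined.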