The TSS command functions that can be used with CPF are authorization commands such as ADDTO, PERMIT, REMOVE, and CREATE as well as, WHOHAS, LIST, and WHOOWNS.
The CPF keywords that can be used with these functions are:
Identifies each node to which a command can be propagated.
Transmits the command to the local node and to all nodes defined in the CPFNODES control option.
Restricts command execution to the local node only. The TARGET(=) keyword overrides the CPFTARGET(LOCAL) control option.
Transmits all commands to nodes whose names begin with the indicated string. The string can range from one to seven characters.
Propagates commands to all DEFNODES for a user, including nodes marked as no‑broadcast nodes.
Defines default remote nodes for use in the event that a security administrator does not specify a TARGET keyword on a command. DEFNODES only applies if the CPFTARGET control option has been set to AUTO.
Sets the processing mode for the command being issued. WAIT(YES) selects synchronous processing. WAIT(NO) selects asynchronous processing. The WAIT keyword overrides the CPFWAIT control option setting.
Examples: CPF command keywords
This example displays the users on CPU1, CPU2, and the local node that have access to payroll data:
TSS WHOHAS DSNAME(PAYROLL.)
TARGET(CPU1,CPU2,=)
WAIT(Y)
This example grants ownership of the SYS1 data set prefix to DEPT01 on all remote R‑prefixed nodes identified by the CPFNODES control option:
TSS ADDTO(DEPT01) DSNAME(SYS1.)
TARGET(R*)
WAIT(Y)
This example designates the ALT, BOS, and CIN nodes as the default routing nodes for USER01:
TSS ADDTO(USER01) DEFNODES(ALT, BOS, CIN)
Although asterisk (*) and LOCAL are the more commonly used values with CPFTARGET, when using DEFNODES with a TSS command, AUTO is required.
DEFNODES only applies:
If these two conditions are met, CA Top Secret automatically retrieves the DEFNODES normally associated with the targeted ACID. The only time the DEFNODES keyword is supplied in a command is when the ACID's DEFNODES are being designated (on the initial TSS CREATE or later through a TSS ADDTO) or updated. DEFNODES administration is discussed in the next section.
If CPFTARGET is set to AUTO and no DEFNODES are specified, routing is done to all the nodes with send abilities only when a user changes his own password or is suspended because of an invalid password or because he has been inactive for too long.
If the command issued is an ADD/REMOVE, ADMIN/DEADMIN, DELETE, MOVE, PERMIT/REVOKE, RENAME, or REPLACE, the destination nodes are taken from the DEFNODES of the targeted ACID.
DEFNODES can be assigned to an ACID:
If TSS CREATE is issued without indicating the DEFNODES keyword, or by using a model ACID that does not have DEFNODES, no DEFNODES are supplied.
Use TSS REMOVE is used to delete one or more entries.
Use TSS REPLACE to delete an ACID's existing DEFNODES definitions in their entirety and replace them with a completely new list.
A maximum of five DEFNODES can be added, removed, or replaced in a single TSS command.
Examples: DEFNODE administration
This example creates an ACID of USER01 for John Smith and designates NODEA, NODEB, and NODEC as his DEFNODES:
TSS CREATE(USER01) NAME('John Smith')
TYPE(USER)
PASSWORD(shsh,30,exp)
DEFNODES(NODEA,NODEB,NODEC)
This example uses the ACID created in the previous example as the basis for Sam Jone's ACID, USER02. Since USER01 has DEFNODES, these same DEFNODES are being transferred to USER02:
TSS CREATE(USER02) USING(USER01)
Name('Sam Jones')
This example indicates that ACID01 now has DEFNODES of NODEB and NODEC:
TSS ADDTO(ACID01) DEFNODES(NODEB,NODEC)
This example removes NODEB from USER02's DEFNODES list while leaving NODEA and NODEC:
TSS REMOVE(USER02) DEFNODES(NODEB)
This example completely removes the current DEFNODES from USER02 and replaces them with NODEF, NODEG, and NODEH:
TSS REPLACE(USER02) DEFNODE(NODEF,NODEG,NODEH)
To get a better understanding of how the CPF control options and CPF command keywords work together, consider the consequences of the following sample commands.
Examples: CPF commands and options:
In this example, since no TARGET is specified, CA Top Secret looks to the CPFTARGET control option setting to determine the designated default routing procedure:
TSS ADDTO(USER01) DSNAME(ABC123)
In this example, USER01 is being granted ownership of the ABC123 data set. Since a TARGET of * was specified, this command is propagated to all nodes identified by the CPFNODES control option.
TSS ADDTO(USER01) DSNAME(ABC123)
TARGET(*)
In this example the same command will only be executed on the local node (as specified by the =).
TSS ADDTO(USER01) DSNAME(ABC123)
TARGET(=)
In this example the command is propagated to NODEA and NODEB regardless of the values specified by the CFPNODES or CPFTARGET control options and any DEFNODES USER01 may have. An explicit TARGET will override the defaults.
TSS ADDTO(USER01) DSNAME(ABC123)
TARGET(NODEA,NODEB)
In this example the command is propagated to all broadcast nodes and any no‑broadcast nodes that are identified as DEFNODES for USER01.
TSS ADDTO(USER01) DSNAME(ABC123)
TARGET(*,SELECT)
|
Copyright © 2014 CA Technologies.
All rights reserved.
|
|