

Securing CA Roscoe IE

No modifications of CA Roscoe IE code are required to implement CA Top Secret support. Support is provided through CA Roscoe IE security exits.

Signon Security and Authorization Restrictions

To sign on to CA Roscoe IE, a user’s ACID must be authorized to access the CA Roscoe IE facility.

In addition to being defined to CA Top Secret, users must be defined in the CA Roscoe User Profiles Dataset. Users then sign on to CA Roscoe IE using their ACID and password.

If the CA Roscoe IE key has a “.” embedded in it (for example, “RCA.USER5”), CA Top Secret uses the characters after the period as the user’s ACID (in this example, USER5).

To grant access authorization you can:

To secure CA Roscoe IE, enter the command:

TSS ADDTO(user) FACILITY(ROSCOE)

Terminal Security

CA Top Secret can restrict the use of terminals to authorized users only. In addition, you can prevent a user from signing on from multiple terminals.

By installing a command exit, unattended terminals can be protected against unauthorized access by using automatic terminal locking. A cumulative security violation threshold can also be established that forces terminal locking when it is exceeded.

Command and Monitor Security

Security for both commands and monitors is provided through the CA Top Secret Limited Command Facility (LCF). With LCF, each user can have an inclusive list (the commands and monitors the user is allowed to use) or an exclusive list (the commands and monitors the user is not allowed to use).

ZAP, UTILITY, IMPORT, EXPORT Security

Access to O/S data sets by the ZAP, UTILITY, IMPORT, and EXPORT monitors can be closely restricted by the CA Top Secret I/O access level feature. The access level authorizations required are:

Function                  Access Level
ZAP                       requires READ
ZAP with REP or SETSSI    requires UPDATE
IMPORT                    requires READ
EXPORT                    requires UPDATE
UTILITY                   varies but UPDATE is common
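The access levels above translate into data set permissions along the following lines. This is an added example, not taken from the CA documentation: the ACIDs USER5 and USER6 and the data set names are constructed, the data sets are assumed to be owned in CA Top Secret already, and the /* */ lines are annotations rather than part of the commands.

```tso
/* Added example: constructed ACIDs and data set names.            */
/* USER5 inspects load modules with ZAP and runs IMPORT from a     */
/* transfer data set. Both functions need only READ.               */
TSS ADDTO(USER5) FACILITY(ROSCOE)
TSS PERMIT(USER5) DSNAME(APPL.TEST.LOADLIB) ACCESS(READ)
TSS PERMIT(USER5) DSNAME(APPL.XFER.IMPORT) ACCESS(READ)

/* USER6 applies fixes with ZAP REP and writes EXPORT output.      */
/* Both functions need UPDATE, so grant it only on the data sets   */
/* involved rather than on a broad prefix.                         */
TSS ADDTO(USER6) FACILITY(ROSCOE)
TSS PERMIT(USER6) DSNAME(APPL.TEST.LOADLIB) ACCESS(UPDATE)
TSS PERMIT(USER6) DSNAME(APPL.XFER.EXPORT) ACCESS(UPDATE)

/* Review who holds access to the load library, and at what level, */
/* then list the resources USER6 has been permitted.               */
TSS WHOHAS DSNAME(APPL.TEST.LOADLIB)
TSS LIST(USER6) DATA(XAUTH)
```

Keeping READ and UPDATE on separate ACIDs means a user who only inspects modules with ZAP cannot alter them with REP or SETSSI.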

Job Submission Validation

Online jobs submitted under CA‑Roscoe are treated by CA Top Secret exactly as if they were submitted under TSO.

Security Administration

Security administrators can use the TSS command under CA Roscoe IE to perform all security administration.