CPU Protection

Security Administrators can use CA Top Secret to protect a specific CPU (identified by the HCPSYSID or system_identifier statement in the system configuration file) once it is owned. Use the CPU keyword, along with TSS CREATE or ADDTO, to establish resource ownership.

Once owned, a CPU cannot be accessed unless explicit authorization is granted. The CPU keyword is the vehicle for specifying CPU ownership and authorizations.

For example, the following assigns ownership of this CPU to the department associated with ACID DEPT01.

TSS ADDTO(DEPT01) CPU(VMSYSA)

Remember that CPU is a “resource class” type of keyword, like CPCMD, VOLUME, or VMMDISK.

To grant USER01 access to VMSYSA, a Security Administrator with the required administrative authority enters the following:

TSS PERMIT(USER01) CPU(VMSYSA)

By qualifying a TSS PERMIT with other controls, CPU protection can be used to limit access to a CPU on a time-of-day basis. For example, to provide for a virtual machine that can be accessed by the day shift, a CA Top Secret administrator enters a TSS command similar to the following example:

TSS PER(DAYPROP) CPU(VMSYSA) FACILITY(VM) TIMES(09,17)
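
The following Python sketch is an added example, not part of the product or its documentation. It parses a script of the TSS commands shown above and reports CPU permits that have no time-of-day restriction or that name a CPU with no ownership command. The helper names, the USER02/VMSYSB line, the treatment of TIMES(s,e) as s <= hour < e, and ignoring FACILITY are assumptions made for illustration.

```python
import re

# Constructed input: the three commands from this page plus one hypothetical
# permit (USER02 on VMSYSB) for a CPU that no command in the script owns.
SAMPLE = """\
TSS ADDTO(DEPT01) CPU(VMSYSA)
TSS PERMIT(USER01) CPU(VMSYSA)
TSS PER(DAYPROP) CPU(VMSYSA) FACILITY(VM) TIMES(09,17)
TSS PERMIT(USER02) CPU(VMSYSB)
"""

KEYWORD = re.compile(r"(\w+)\(([^)]*)\)")  # matches KEYWORD(value)

def parse(script):
    """Return ({cpu: owning ACID}, [permit dicts]) for CPU resources only."""
    owners, permits = {}, []
    for line in script.splitlines():
        words = line.split(None, 1)
        if len(words) < 2 or words[0].upper() != "TSS":
            continue
        pairs = [(k.upper(), v.strip().upper()) for k, v in KEYWORD.findall(words[1])]
        kw = dict(pairs[1:])
        if not pairs or "CPU" not in kw:
            continue
        verb, acid = pairs[0]
        if verb == "ADDTO":
            owners[kw["CPU"]] = acid
        elif verb in ("PERMIT", "PER"):  # PER is the short form used above
            times = tuple(int(h) for h in kw["TIMES"].split(",")) if "TIMES" in kw else None
            permits.append({"acid": acid, "cpu": kw["CPU"], "times": times})
    return owners, permits

def findings(owners, permits):
    """Flag permits worth a second look during review."""
    out = []
    for p in permits:
        if p["cpu"] not in owners:
            out.append((p["acid"], p["cpu"], "no ownership command for this CPU"))
        elif p["times"] is None:
            out.append((p["acid"], p["cpu"], "no time-of-day restriction"))
    return out

def allowed(owners, permits, acid, cpu, hour):
    """Model of default deny once owned. Assumption: TIMES(s,e) means s <= hour < e."""
    if cpu not in owners:
        return None  # unowned CPU: outside what this model covers
    return any(p["acid"] == acid and p["cpu"] == cpu and
               (p["times"] is None or p["times"][0] <= hour < p["times"][1])
               for p in permits)
```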