DASD Volume Protection

CA Top Secret protects access to OS- and DOS-formatted DASD volumes. DASD volumes can be specified either by their full names or by generic prefix. If necessary, you can also bypass volume-level security entirely.

Specific volumes can be protected by identifying their volume serial numbers. An example of the required syntax follows:

TSS ADDTO(DEPT01)  VOLUME(24T921)

Alternatively, groups of volumes can be protected by specifying a generic prefix:

TSS ADDTO(DEPT01)  VOLUME(24T)

This command protects all volumes whose VOLSER begins with “24T”.

Users or profiles can be allowed access to all volumes through a simple two-step process. First, define VOLUME(*ALL*) to the Master SCA:

TSS ADDTO(mscaacid)  VOLUME(*ALL*)

Next, make a CA Top Secret entry that gives the designated user, profile, or everyone access to all volumes. The level of access allowed may be restricted. For example, the following authorizes any user for READ access to any volume.

TSS PERMIT(ALL)  VOLUME(*ALL*)  ACCESS(READ)

Once a volume has been defined, an access request that lacks sufficient OS/DOS data set authorization must be specifically permitted.

Volume-level access allows a user to access, up to the authorized level, any OS/DOS data set on the volume. For example, an access level of READ does permit a backup procedure, but not a restore procedure. Using the *ALL* reserved word, any group of users can be authorized for access to any volume, current and future.

For example, the following authorizes this profile group to access any volume at any level.

TSS PERMIT(OPPROF)  VOL(*ALL*)  ACCESS(ALL)

The following authorizes any user for READ access to any volume.

TSS PERMIT(ALL)  VOLUME(*ALL*)  ACCESS(READ)
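
The following is an added example, not part of the CA Top Secret documentation: a small Python review script that parses the command forms shown above from a saved listing, reports which volume definitions cover a given VOLSER, and lists every PERMIT on VOLUME(*ALL*) for review. The function names and the sample listing are constructed for illustration, and prefix matching is a plain string-prefix model of the generic-prefix behavior described above.

```python
import re

# Constructed sample: the command forms shown on this page, as they might
# appear in a saved command listing under review.
SAMPLE = """\
TSS ADDTO(DEPT01)  VOLUME(24T921)
TSS ADDTO(DEPT01)  VOLUME(24T)
TSS ADDTO(mscaacid)  VOLUME(*ALL*)
TSS PERMIT(ALL)  VOLUME(*ALL*)  ACCESS(READ)
TSS PERMIT(OPPROF)  VOL(*ALL*)  ACCESS(ALL)
"""

# Matches only the forms used on this page:
#   TSS ADDTO|PERMIT(acid)  VOLUME|VOL(name)  [ACCESS(level)]
CMD = re.compile(
    r"^TSS\s+(ADDTO|PERMIT)\((?P<acid>[^)]+)\)\s+VOL(?:UME)?\((?P<vol>[^)]+)\)"
    r"(?:\s+ACCESS\((?P<access>[^)]+)\))?\s*$",
    re.IGNORECASE,
)

def parse(listing):
    """Return one dict per recognised volume command; other lines are skipped."""
    out = []
    for line in listing.splitlines():
        m = CMD.match(line.strip())
        if m:
            out.append({"verb": m.group(1).upper(), "acid": m.group("acid"),
                        "vol": m.group("vol").upper(),
                        "access": (m.group("access") or "").upper()})
    return out

def covering_definitions(cmds, volser):
    """ADDTO entries whose full name, generic prefix or *ALL* covers volser."""
    return [c["vol"] for c in cmds if c["verb"] == "ADDTO"
            and (c["vol"] == "*ALL*" or volser.upper().startswith(c["vol"]))]

def blanket_permits(cmds):
    """PERMITs on VOLUME(*ALL*), each with the reasons a reviewer should look."""
    findings = []
    for c in cmds:
        if c["verb"] == "PERMIT" and c["vol"] == "*ALL*":
            reasons = ["all volumes, current and future"]
            if c["acid"].upper() == "ALL":
                reasons.append("every user")
            if c["access"] == "ALL":
                reasons.append("every access level")
            findings.append((c["acid"], c["access"], reasons))
    return findings
```

Calling `blanket_permits(parse(SAMPLE))` returns both *ALL* permits from this page, so a reviewer can confirm that each one is intended and that the access level is no higher than the task requires (READ for backup, for example).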