FACILITY Operands

The following list describes the FACILITY operands shown in the TSO example above.

ACTIVE

Indicates that TSO is active. Opposite is INACTIVE.

SHRPRF

Allows a copy of a profile to be shared by all users in a multi-user facility (such as Advantage CA‑IDMS, Advantage CA‑Roscoe, IMS and CICS), which lets you conserve storage space. Opposite is NOSHRPRF.

NOASUBM

Indicates that authorized job submission is not being used for this particular facility. Opposite is ASUBM.

ABEND

Pertains to region abends that result from user violations. ABEND resets the NOABEND option. If NOABEND had been set, CA Top Secret would not cancel a user's activity in the region, even if the violations exceeded the threshold (VTHRESH). Instead, CA Top Secret would lock the user's terminal. This applies to multi-user address space facilities only.

SUAS

Single User Address Space. Requests data sets directly from MVS. In addition to TSO, other facilities fitting this description include: BATCH and STC. The functional opposite is MULTIUSER and in this case, security is generally not handled by MVS. This would include: CICS, IMS, Advantage CA‑Roscoe, and Advantage CA‑IDMS.

NOXDEF

Indicates that transactions and commands do not have to be authorized through LCF before they can be used. If XDEF had been specified, all commands and transactions must be defined to each user or profile through the Limited Command Facility (LCF) before the command or transaction could be used.

LUMSG

Displays the last used message. Opposite is NOLUMSG.

STMSG

Requests that the status message be displayed when a user signs on to the facility (in this case, TSO). Opposite is NOSTMSG.

SIGN(M)

Allows simultaneous logons with the same ACID for the specified facility. SIGN(S) disallows simultaneous logons.

Note: If there are multiple regions running under one facility (such as CICSTESTA and CICSTESTB), an ACID can only sign on once per region.

INSTDATA

Allows installation data to be stored within a TSO region. The NOINSTDATA operand can be specified to conserve storage.

RNDPW

Allows random password generation. Opposite is NORNDPW.

AUTHINIT

Resets the NOAUTHINIT operand, which issues RACINIT in a problem state. See your Implementation Guide for more information.

NOPROMPT

This operand only applies to the TSO facility and pertains to password prompting during signon. NOPROMPT deactivates the PROMPT operand. If a user enters his password and user ID (ACID) at the same time (which can cause the password to be displayed), CA Top Secret will issue a warning message and temporarily lock that user's terminal before prompting for the password.

NOAUDIT

Resets the AUDIT operand. The AUDIT operand causes automatic auditing of all activity within this facility.

RES

Allows data set and volume access authorizations to be stored within the online multi-user region. NORES can be specified to conserve storage.

WARNPW

Forces defined users and jobs to use their correct password during WARN mode. NOWARNPW cancels this operand.

TSOC

Indicates that a facility is TSO compatible and can handle TGET and TPUT SVCs. NOTSOC cancels this operand.

LCFCMD

Specifies that all LCF associated messages will see commands in their texts. If LCFTRANS had been specified, all LCF associated messages would then see transactions. See the “Securing Resources” chapter for an explanation of transactions and commands within LCF.

NOTRACE

Deactivates the TRACE operand. If TRACE had been specified, a diagnostic trace would have been implemented throughout the facility.

NODORMPW

Indicates that users do not need to supply a valid password in DORMANT mode. The opposite is DORMPW.

NONPWR

Does not force the user to re-enter a new password for verification. This operand only applies to the TSO and CICS facilities. The NPWR operand requires password reverification.

MSGLC

Violation messages will be printed in mixed case. NOMSGLC indicates that only upper case will be used.

MODE=

Indicates what security mode will be in operation for this particular facility (not necessarily the entire installation). In this case, the TSO facility is in FAIL mode.

Note: By default, all facilities are placed in FAIL mode. You can also specify DORM, IMPL, or WARN. See the “Securing Resources” chapter for more information about security mode settings and implications.

LOGGING=

Indicates what types of security events will be recorded for this facility and where they will be recorded. The LOG control option was discussed in the “Administering Your Security Environment” chapter and applies to the entire installation. The FACILITY LOG operand applies only to a particular facility at a time. For more information about logging options, see the “Monitoring Your Security Environment” chapter.

UIDACID=

Specifies the number of characters (in this example, 8) of an online userid that will be used to derive the user's ACID.

LOCKTIME

Indicates how many minutes of inactivity can elapse for a terminal signed on to a specific facility before that terminal will be locked. Facility-specific locktimes are overridden by a User's or Profile's designated locktime. In this case, LOCKTIME is not specified.

DEFACID=

Indicates that CA Top Secret should derive the default ACID from the terminal or batch reader name if the userid entered at signon is not defined as an ACID, or if a batch ACID is not supplied. In this case, *NONE* is specified because DEFACID does not apply to the TSO facility. In the event DEFACID applies, you would have to supply a reader or terminal name.

KEY=

Indicates the TCB protect key that the facility uses for storage. In this case the default, 8, is supplied.

There are many more operands for the FACILITY control option, most notably for CICS. For more information about these additional operands and suboptions, see the Control Options Guide. For now, we will look at how the Facility Matrix Table is maintained and how these suboption values can be changed.
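
The operand descriptions above can be turned into a review check. The following Python is an added example, not CA Top Secret code or output: it parses a facility's operand listing and reports the settings whose descriptions on this page have security implications. The listing layout, the LOGGING value, the function names and the choice of which operands count as findings are assumptions of this example.

```python
# Added example: flag security-relevant FACILITY operands in a listing.
# Which operands count as findings is this example's assumption.
FLAG_FINDINGS = {
    "NOAUDIT": "automatic auditing of facility activity is off",
    "NODORMPW": "valid password not required in DORMANT mode",
    "NOWARNPW": "correct password not enforced in WARN mode",
    "NOXDEF": "commands and transactions usable without LCF authorization",
    "SIGN(M)": "simultaneous logons with the same ACID are allowed",
    "NOABEND": "violations past VTHRESH lock the terminal, activity is not cancelled",
    "NONPWR": "new passwords are not re-entered for verification",
}

# Constructed sample mirroring the TSO values this page walks through; the
# layout and the LOGGING value are assumptions. LOCKTIME is left unspecified.
SAMPLE = """
ACTIVE,SHRPRF,NOASUBM,ABEND,SUAS,NOXDEF,LUMSG,STMSG,SIGN(M),INSTDATA
RNDPW,AUTHINIT,NOPROMPT,NOAUDIT,RES,WARNPW,TSOC,LCFCMD,NOTRACE
NODORMPW,NONPWR,MSGLC
MODE=FAIL LOGGING=INIT,MSG UIDACID=8 DEFACID=*NONE* KEY=8
"""

def parse_facility(text):
    """Return (flag operands, KEY=value operands) from a listing."""
    flags, values = set(), {}
    for token in text.upper().split():
        if "=" in token:                       # value may itself contain commas
            key, val = token.split("=", 1)
            values[key] = val
        else:
            flags.update(t for t in token.split(",") if t)
    return flags, values

def audit(text):
    """Return (operand, reason) findings for one facility listing."""
    flags, values = parse_facility(text)
    findings = [(f, why) for f, why in FLAG_FINDINGS.items() if f in flags]
    for f in sorted(flags):                    # contradictory pairs, e.g. AUDIT + NOAUDIT
        if "NO" + f in flags:
            findings.append((f, f"both {f} and NO{f} are listed"))
    mode = values.get("MODE", "FAIL")          # page: facilities default to FAIL
    if mode != "FAIL":
        findings.append((f"MODE={mode}", "facility is not in FAIL mode"))
    if not values.get("LOCKTIME", "").strip("0"):
        findings.append(("LOCKTIME", "no facility-level inactivity lock"))
    return findings

if __name__ == "__main__":
    for operand, reason in audit(SAMPLE):
        print(f"{operand:10} {reason}")
```

A facility-level LOCKTIME finding is informational where user or profile locktimes are set, since those override the facility value.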