Securing Resources › Resource Descriptor Table › Modifying Existing RDT Entries

Modifying Existing RDT Entries

Depending on how your security environment is set up, you may decide you need to modify certain attributes for a particular resource class. To do this you would use the TSS REPLACE command with the RESCLASS and ATTRIBUTE keywords. The following is a sample command:

TSS REPLACE(RDT) RESCLASS(VMMDISK) ATTR(DEFPROT)

In this example:

• TSS REPLACE signifies that one attribute is replaced by new a one.
• RDT signifies that the Resource Descriptor Table is where the change will occur and where the new information is stored.
• RESCLASS is theCA Top Secret keyword.
• VMMDISK designates the actual resource class by keyword, in this case VM minidisks.
• ATTR is theCA Top Secret keyword.
• DEFPROT designates which attribute replaces the current attribute. In this case, the attribute is DEFPROT. For predefined resource classes you can only modify the following attributes:
  • EXIT calls the installation exit for the resource class.
  • NOEXIT deactivates the installation exit calls for that resource class.
  • DEFPROT protects this resource class by default
  • NODEFPROT deactivates default protection for this resource class.
  • GENERIC allows authorizations for a similar set of resources within this resource class to be grouped under a single prefix (for example, all data sets beginning with the ABC prefix).
  • MASK supports masking characters.
  • NOMASK does not support masking characters.
  • NONGENERIC causesCA Top Secret to treat each authorization for a specific resource within this resource class as a fully qualified name. (Generic prefixing and masking are discussed later in this chapter.)

The following attributes—frequently referred to as AUTH options—can also be modified for predefined resource classes. They affect the manner in whichCA Top Secret checks user, profile, and the ALL records for resource authorizations. They are discussed in the Security Validation Algorithm section in this chapter and in greater detail in the AUTH Control Option section in the Control Options Guide.

• MERGE uses AUTH(MERGE) for access checking of this resource class.
• NOMERGE deactivates AUTH(MERGE) for this resource class.
• ALLMERGE uses the AUTH(ALLMERGE) option for access checking of this resource class.
• NOALLMERGE deactivates AUTH(ALLMERGE) for this resource class.

For further information about these attributes as well as a complete list of modifiable attributes for installation defined resources, see your Command Functions Guide.