Security administrators use CA Top Secret command functions to communicate their administrative requirements to CA Top Secret. These requirements can range from the creation of an ACID to the definition of resource ownership.
CA Top Secret command functions are independent of the system facility. The security administrator uses command functions in the same manner, regardless of whether the facility is TSO, CICS, BATCH, CA Roscoe, IMS, or CA IDMS.
CA Top Secret command syntax has the following format:
TSS FUNCTION(ACID|ACIDS|ALL|APPLU|AUDIT|DLF|FDT|MLSSTC|NDT|RDT|SDT)
KEYWORD(OPERAND)
CA Top Secret commands always begin with TSS.
Specifies the function CA Top Secret performs. The rules for the function are:
Specifies the ACID being affected by the function.
Specifies the resource type or security attribute being processed by the function. The rules for the keywords are:
Specifies the prefix, resource name, required value, or name for a security attribute. The rules for operands are:
Example: Create a User with Required Properties
This example creates the user USER01 with all of their required properties:
TSS CREATE(USER01) TYPE(USER)
NAME('H.PARKER')
PASSWORD(1234,30,EXPIRE)
SOURCE(GRAF0076)
PROFILE(BUDGET,TAXES,CRIME)
DSNAME(SYS.01)
DEPARTMENT(DEPTB01)
CA Top Secret functions can be entered freeform onto the command screen of an online terminal, or into any of the CA Top Secret administration panels.
TSS command functions can be entered and changed via the CA Top Secret full‑screen administration panels, if the TSO installation uses IBM's System Productivity Facility (SPF or ISPF), or if the administrator is running under CMS. These panels provide the administrator with a “fill‑in‑the‑blank” application for the TSS command. The resulting command has a maximum length of 240 characters. Use the TSSCRIPT batch program to submit commands longer than 240 characters.
To access the CA Top Secret selection panel
The system displays the CA Top Secret Selection Panel:
CAKV-A000 Top Secret Selection Menu CA-TOP-SECRET ====> Enter the number of your selection and press the ENTER key: 1 Create - Define a new ACID 2 Acid(S) - Delete, Move, and/or Rename ACID(S) 3 Add/Remove - Add/Remove ACID Resources and Attributes 4 Replace - Change ACID Attributes 5 Permit/Revoke - Permit/Revoke Resource Access Permissions 6 Admin/Deadmin - Remove/Assign Administration Authorities 7 WhoAmI - Display current ACID's status 8 WhoHas/WhoOwns - Display Resource access/ownership information 9 List - List ACID(S) Security Records 10 Status - Display TSS System Status 11 Modify - Perform TSS Modify 12 Security Tables - Modify Security tables (RDT,STC,etc) PF1=Help 2= 3=End 4=Return 5= 6= PF7= 8= 9= 10= 11= 12=Cursor
When an ACID enters an CA Top Secret command function, CA Top Secret:
CA Top Secret processes only command functions (with the exceptions of HELP and WHOAMI) issued by ACIDs who have administrative authority. This administrative authority is limited to the scope of the administrator.
Generic prefixing, designated with a (G), allows the administrator to identify multiple VMUSER IDs. This is used with:
Example: generic prefixing
This example permits a System's Programmer to use the spooling command CHANGE for files belonging to any user ID prefixed with TDG:
TSS PERMIT(SYSPROG) CPCMD(CHANGE)
VMUSER(TDG(G))
|
Copyright © 2009 CA Technologies.
All rights reserved.
|
|