Valid on z/OS, z/VSE, and z/VM.
Use the ADMIN command function to assign administrative capabilities to subordinate CA Top Secret administrators.
Administrative authority:
Only the MSCA defined to CA Top Secret during the installation process can create and assign administrative authorities to SCAs.
This command function has the following format:
TSS ADMIN(acid) keyword(authority level)
ACCESS(access level)
Specifies the ACID of the administrator being granted ADMIN authority.
Specifies the authority type the administrator is authorized to manage:
Specifies the authority levels, such as MAINTAIN, REPORT, AUDIT, and CREATE, at which administrators can manage ACIDs within their scope.
Information that the administrator may display using the TSS LIST function: BASIC, RESOURCE, XAUTH, LCF, SOURCE, PROFILE, INSTDATA, CICS, ADMIN, NAMES, PASSWORD, WORKATTR, SESSKEY, and ALL.
An administrator can display all of the above information, except SESSKEY, using the TSS LIST command function.
Any active facility contained in the Facility Matrix, such as VM, TSO, IMS, CICSTEST, and CA Roscoe.
Low level administrative functions: LCF, INSTDATA, USER, LTIME, SUSPEND, NOATS, RDT, TSSSIM, and ALL.
DLF, TARGET, NDT, TSO, SMS, APPCLU, WORKATTR, and ALL.
PTOK and SDT
CERTSITE, CERTAUTH, CERTUSER, CERTLIST, CERTGEN, CERTEXPO, CERTCHEK, and KERBUSER
MLSADMIN
RSTDACC
LISTRDT, LISTSDT, LISTSTC, LISTAPLU, MCS, PWMAINT, REMASUSP, and ALL.
High level administrative functions: BYPASS, TRACE, CONSOLE, STC, MASTFAC, MODE, GLOBAL, GENERIC, and ALL.
Allows administrators to give authority to issue commands for all resource types owned within their administrative scope. An administrator can also give authority for a specific resource (like DSNAME). All specific resources have the same authority levels: OWN, XAUTH, AUDIT, REPORT, INFO, and ALL.
The access keyword, which is a subset of RESOURCE, is used with XAUTH to specify access levels. Access level operands depend on the type of resource to which access is being permitted. Examples include: NONE, READ, WRITE, UPDATE, SCRATCH, BROWSE, MULTI, MREAD, MWRITE.
Used as an archetype for any resource defined to the RDT.
Used to define the scope for the LSCA.
Specifies the authority level or levels at which the administrator will manage the authority type:
OWN, XAUTH, AUDIT, INFO, REPORT, and ALL
XAUTH, AUDIT, CREATE, INFO, DEFNODES, REPORT, MAINTAIN, and ALL
BASIC, RESOURCE, XAUTH, LCF, SOURCE, INSTDATA, CICS, PROFILE, ADMIN, NAMES, ACID, WORKATTR, SESSKEY, PASSWORD, and ALL
LCF, INSTDATA, USER, LTIME, RDT, SUSPEND, NOATS, TSSSIM, and ALL
SMS, TSO, NDT, DLF, TARGET, WORKATTR, APPCLU, and ALL
SDT
CERTSITE, CERTAUTH, CERTUSER, CERTLIST, CERTGEN, CERTEXPO, CERTCHEK, and KERBUSER
MLSADMIN
RSTDACC
LISTRDT, LISTSTC, LISTAPLU, MCS, LISTSDT, PWMAINT, REMASUSP, and ALL
BYPASS, TRACE, CONSOLE, STC, MASTFAC, MODE, GLOBAL, GENERIC, and ALL
Specific Facilities
Define scope for LSCA
Specifies the access levels (for example, FETCH and WRITE) for which the administrator is authorized to PERMIT RESOURCE(XAUTH) resource access. If no entry is made, CA Top Secret usually assigns a default level based on the resource type.
ALL, BLP, BROWSE, CONTROL, CREATE, DELETE, FETCH, FEOV, FIND, LOAD, MULTI, MREAD, MWRITE, NONE, PURGE, READ, REPLACE, SCRATCH, UPDATE, and WRITE
In this example the security administrator VCA1 assigns ownership of data sets by adding them to the Audit Record:
TSS ADDTO(VCA1) DSNAME(OWN,AUDIT)
TSS ADDTO(DEPT1) DSNAME(XYZ.DATA.CRASH)
This example audits the specified data set:
TSS ADDTO(AUDIT) DSNAME(XYZ)
This example gives all users the ability to LIST their BASIC data, resource permissions, LCF transactions and password data, without allowing them to manipulate their data:
TSS ADMIN(ALL) DATA(BASIC,XAUTH,LCF,PASSWORD)
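For reviewing ADMIN grants against the lists above, the following Python is an added example, not part of the CA documentation. It parses commands in the TSS ADMIN(acid) keyword(authority level) format and checks each level against this page's lists for DATA, DSNAME and ACCESS only; the function name review_admin and every sample command except the first are constructed for illustration.

```python
import re

# Level lists copied from this page; only keywords the page names are modelled.
DATA = set("BASIC RESOURCE XAUTH LCF SOURCE INSTDATA CICS PROFILE ADMIN NAMES "
           "ACID WORKATTR SESSKEY PASSWORD ALL".split())
RESOURCE = set("OWN XAUTH AUDIT INFO REPORT ALL".split())
ACCESS = set("ALL BLP BROWSE CONTROL CREATE DELETE FETCH FEOV FIND LOAD MULTI "
             "MREAD MWRITE NONE PURGE READ REPLACE SCRATCH UPDATE WRITE".split())
ALLOWED = {"DATA": DATA, "DSNAME": RESOURCE, "ACCESS": ACCESS}
OPERAND = re.compile(r"([A-Z0-9#$@]+)\(([^()]*)\)")


def review_admin(command):
    """Return (acid, grants, findings) for one TSS ADMIN command line."""
    text = command.strip().upper()
    operands = OPERAND.findall(text)
    if not text.startswith("TSS ") or not operands or operands[0][0] != "ADMIN":
        raise ValueError("not a TSS ADMIN command: %r" % command)
    acid, grants, findings = operands[0][1].strip(), {}, []
    if acid == "ALL":
        findings.append("ADMIN(ALL): grant applies to all users")
    for keyword, body in operands[1:]:
        levels = [lv.strip() for lv in body.split(",") if lv.strip()]
        grants[keyword] = levels
        if keyword not in ALLOWED:
            findings.append(keyword + ": keyword not modelled, review by hand")
            continue
        for lv in levels:
            if lv not in ALLOWED[keyword]:
                findings.append("%s(%s): not a listed level" % (keyword, lv))
            elif lv == "ALL":
                findings.append("%s(ALL): every level of this type" % keyword)
    # The page states ACCESS is used with XAUTH, so flag ACCESS on its own.
    if "ACCESS" in grants and not {"XAUTH", "ALL"} & set(grants.get("DSNAME", [])):
        findings.append("ACCESS given without DSNAME(XAUTH)")
    return acid, grants, findings


# Constructed sample input, except the first line, which is the page's example.
SAMPLES = [
    "TSS ADMIN(ALL) DATA(BASIC,XAUTH,LCF,PASSWORD)",
    "TSS ADMIN(VCA2) DSNAME(XAUTH) ACCESS(READ,FETCH)",
    "TSS ADMIN(VCA3) DSNAME(OWN) ACCESS(ALL)",
    "TSS ADMIN(VCA4) DATA(BASIC,PASWORD)",
]

if __name__ == "__main__":
    for line in SAMPLES:
        print(line, "->", review_admin(line)[2] or "no findings")
```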
Copyright © 2009 CA Technologies.
All rights reserved.