When you have defined users to CA Top Secret and assigned system entry restrictions to them, the next step in building your security database is to secure your resources. For the purposes of CA Top Secret, securing resources involves:
Users are defined to CA Top Secret through their ACIDs. Resources are defined first through the Resource Descriptor Table (as part of a particular resource class) and then through individual ownership by a particular ACID. For example, terminal PD01 is defined first as a member of the resource class TERMINAL and then as an individual resource owned by ACID USER01. In the event a resource belongs to an unownable resource class, protection is extended through the Limited Command Facility (LCF).
Resource access authorizations are implemented through the TSS PERMIT command and can be customized through the TSS command keywords. Depending on the resource class, you can restrict a user’s access to that resource by day, time, facility, program, or level. Resource protection can also be extended on a default or global basis.
After a resource has been defined and the appropriate authorizations issued, any future requests to access that resource are filtered through the Security Validation Algorithm. Access depends on the PERMITs the ACID has, how explicit those PERMITs are, and where they are stored (in the User, Profile, or ALL Records).
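The ownership-then-permit sequence described above can be run as a batch TSO step. This is an added example, not taken from the CA documentation: PD01 and USER01 come from the text, while USER02, the weekday 08:00 to 17:00 window, and the step name are assumptions chosen for illustration.

```jcl
//* Added example, not from the CA documentation.
//* Supply your site's JOB statement ahead of this step.
//* PD01 and USER01 are the names used in the text above.
//* USER02 and the DAYS/TIMES window are hypothetical.
//*
//* Command 1: give ownership of terminal PD01 to ACID USER01.
//* Command 2: permit USER02 to use PD01, weekdays 08:00-17:00 only.
//* Command 3: confirm which ACID owns PD01.
//* Command 4: list every ACID permitted to PD01, to review the
//*            result and spot unintended authorizations.
//*
//TSSCMDS  EXEC PGM=IKJEFT01
//SYSTSPRT DD SYSOUT=*
//SYSTSIN  DD *
 TSS ADDTO(USER01) TERMINAL(PD01)
 TSS PERMIT(USER02) TERMINAL(PD01) DAYS(WEEKDAYS) TIMES(08,17)
 TSS WHOOWNS TERMINAL(PD01)
 TSS WHOHAS TERMINAL(PD01)
/*
```

Reviewing the WHOOWNS and WHOHAS output after each change is a simple check that the ownership and PERMITs on record match what was intended.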
Copyright © 2014 CA Technologies. All rights reserved.