Security Administrators may use CA Top Secret to protect a specific CPU (identified in the system configuration file) once it is owned. Use the CPU keyword, along with TSS CREATE or ADDTO, to establish resource ownership.
Once owned, a CPU cannot be accessed unless explicit authorization is granted. The CPU keyword is the vehicle for specifying CPU ownership and authorizations.
For example, the following assigns ownership of this CPU to the department associated with ACID DEPT01:
TSS ADDTO(DEPT01) CPU(VMSYSA)
Remember that CPU is a “resource class” keyword--just like CPCMD, VOLUME, or VMMDISK.
To grant USER01 access to VMSYSA, a Security Administrator with the required administrative authority enters:
TSS PERMIT(USER01) CPU(VMSYSA)
By qualifying a TSS PERMIT with other attributes, CPU protection can be used to limit access to a CPU on a time-of-day basis. For example, to provide a virtual machine that can be accessed by the day shift, a Security Administrator enters a TSS command similar to this example:
TSS PERMIT(DAYUSER) CPU(VMSYSA) FACILITY(VM) TIME (08,17)
Suppose you restrict access between 8:00:00 and 17:00:00 hours, as in the last example. To compensate for a three-hour time difference, use TZONE:
TSS ADDTO(USER01) TZONE(-3)
This example shows how you compensate for a time difference of three hours. In this case, you know that the user is to your west because of the “minus” sign. Remember, minus sign means west; plus sign means east. TZONE may be added or created at the user or profile level.
|
Copyright © 2014 CA Technologies.
All rights reserved.
|
|