Controlling Access to Terminals

System Entry Security › Controlling Access to Terminals

Controlling Access to Terminals

Terminals can be protected in three ways:

By forcing a user to log on from a specific terminal
By restricting use of terminals in sensitive areas
By controlling who can DIAL a particular line on another virtual machine

Online terminals can be defined to CA Top Secret and then have their access selectively authorized. The TERMINAL keyword is used to establish access authorizations and restrictions. To identify an online VM terminal the following conventions are used:

TYPE	PREFIX	EXAMPLE
locally attached	GRAF plus four character local address	TSS ADD(BUDDEPT) TERM(GRAF02BA)
remotely attached VM-controlled network terminals	NETW plus four character resource id	TSS ADD(CORP) TERM(NETW0301)
logical devices	LDEV plus four character address of logical device which is arbitrarily defined	TSS ADD(CORPNET) TERM(LDEV1234)
VTAM/SNA	8 character LU name	TSS ADD(FINDEPT) TERM(xxxxxxxx)

Terminal access protection can be combined with facility limitations, time restrictions, DIALed terminals, etc. to further tailor system entry control.

The CA Top Secret resource class keyword TERMINAL is used to refer to both local and VTAM terminals.