Most often, discontiguous saved segments (DCSSs) or named saved segments (NSSs) are used to share read-only storage between two or more virtual machines. An example is a DCSS for CMS. The CMS DCSS consumes more than 300K bytes of memory. By sharing a CMS DCSS, all CMS machines can point to a single common 300K+ byte section of memory, instead of having one copy per machine.
Both shared and unshared DCSSs are protected by CA Top Secret. With CA Top Secret’s DCSS keyword, you can secure standard program products such as PROFS (online message centers), SAS, and VSAM that run in a DCSS. To limit who is allowed to use these products, do not PERMIT users to use the DCSS. For example, the following lets USER82A use the SAS program, which resides in a DCSS.
TSS PERMIT(USER82A) DCSS(SAS)
Of course, the SAS segment must be defined by the system programmer in DMKSNT or via the DEFSEG command just as CMS must be defined.
Note: TSS PER(USERA) DCSS(CMS) does not protect CMS from IPLs. Instead, to protect CMS (or any other IPL-able DCSS), you must use the CPCMD keyword.
For example:
TSS PERMIT(USERA) CPC(IPL.CMS)
Using some variation of the last TSS command, you can protect IPL-able DCSSs.
|
Copyright © 2014 CA Technologies.
All rights reserved.
|
|