

Implementing LOGON Protection

Without CA Top Secret, any user who logs on to VM must be listed in the VM directory. However, by putting CA Top Secret security in place, you can establish additional points of control over user logon.

First, define the user to CA Top Secret. In doing so, you have many options. The following is an example of one such definition:

TSS ADDTO(USERA) SOURCE(terminal) PAS(password) FAC(VM)
TSS PERMIT(USERA) CPU(cpu) TIME(08,16) DAYS(M,W,F)

Setting up USERA as in the example above means that the user can log on to VM only from a certain terminal, on a certain CPU, between 0800 and 1600 hours on Monday, Wednesday, and Friday. Furthermore, the user must supply the correct password to get access to any of these resources.

When CA Top Secret security is operating, all users are asked to supply logon information through the following prompt (even when the CA Top Secret password is not enforced):

“TSS0100A Enter password, LOGOFF, or HELP (it will not appear when typed):”

When CA Top Secret security is NOT operating, an IBM prompt appears. Instead of the CA Top Secret password, all users must supply the password from the CP directory.

Note: At logon, the minidisks that are automatically linked must be verified by CA Top Secret. To be verified, they must appear in that user’s Security Record, as they appear in the CP directory. For instance, if the CP directory has USERA set up for automatic access to MAINT.0190, MAINT.019D, and MAINT.019E, the Security Administrator must authorize USERA for access to those minidisks:

TSS PER(USERA) VMMDISK(MAINT.0190,MAINT.019D,MAINT.019E) ACC(READ)

If the Security Administrator fails to authorize the user for access to the correct minidisks at LOGON and the user is in non-DORMANT mode, the user receives a CA Top Secret violation message. Therefore, be sure that the Security Administrator matches the CP directory entry exactly. That includes duplicating the access level(s) given in the CP directory.
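
The following Python script is an added example, not part of the CA Top Secret documentation. It compares the LINK statements in a user's CP directory entry with the minidisks named in the user's VMMDISK permit and builds the missing permit in the command form shown above. Assumptions: the directory entry and the TOOLS.0200 link are constructed samples, LINK statements are laid out as owner, owner's address, local address, mode, a missing mode is treated as R, and link modes R and RR are treated as ACC(READ); links with any other mode are only listed for manual authorization.

```python
import re

# Constructed sample: USERA's CP directory entry (LINK owner vaddr1 vaddr2 mode).
DIRECTORY_ENTRY = """\
USER USERA XXXXXXXX 32M 64M G
 LINK MAINT 0190 0190 RR
 LINK MAINT 019D 019D RR
 LINK MAINT 019E 019E RR
 LINK TOOLS 0200 0200 MR
"""

# Constructed sample: the permit currently in USERA's Security Record.
CURRENT_PERMIT = "TSS PER(USERA) VMMDISK(MAINT.0190,MAINT.019D) ACC(READ)"

READ_MODES = {"R", "RR"}  # assumption: these link modes correspond to ACC(READ)


def directory_links(entry):
    """Return {OWNER.VADDR: mode} for every LINK statement in the entry."""
    links = {}
    for line in entry.splitlines():
        fields = line.split()
        if len(fields) >= 3 and fields[0].upper() == "LINK":
            mode = fields[4].upper() if len(fields) >= 5 else "R"  # assumed default
            links[f"{fields[1].upper()}.{fields[2].upper()}"] = mode
    return links


def permitted_minidisks(tss_command):
    """Return the set of minidisks named in a TSS PER ... VMMDISK(...) command."""
    match = re.search(r"VMMDISK\(([^)]*)\)", tss_command, re.IGNORECASE)
    return {d.strip().upper() for d in match.group(1).split(",")} if match else set()


def reconcile(user, entry, tss_command):
    """Compare directory links with the permit; return (fix_command, review_list)."""
    links = directory_links(entry)
    permitted = permitted_minidisks(tss_command)
    missing = sorted(d for d, m in links.items() if m in READ_MODES and d not in permitted)
    review = sorted(d for d, m in links.items() if m not in READ_MODES)
    fix = f"TSS PER({user}) VMMDISK({','.join(missing)}) ACC(READ)" if missing else None
    return fix, review


if __name__ == "__main__":
    fix, review = reconcile("USERA", DIRECTORY_ENTRY, CURRENT_PERMIT)
    print("Missing read permit:", fix)
    print("Non-read links to authorize by hand:", review)
```

Running the comparison before switching a user out of DORMANT mode shows which automatically linked minidisks would produce a violation message at LOGON.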