Minidisks can be accessed through MDISK (minidisk) or LINK statements in the VM directory, or with the CP LINK command.
No authorization is required for directory MDISK statements. As you may know, VM recognizes a user’s right to access the minidisks because they are defined in MDISK statements in the CP directory. Therefore, when a user links to the minidisk, VM processes the request. The same thing holds true for CA Top Secret security. However, when one user tries to LINK to another user, CA Top Secret intervenes.
Users gain access to minidisks at logon. Therefore, as mentioned above, administrators must be careful to match CA Top Secret authorizations with VM directory or CP LINK statements. To do so, a Security Administrator can use a TSS PERMIT command:
TSS PERMIT(DCADEPT1) VMMDISK(USER01.,USER02.,USER03.) ACCESS(READ)
That PERMIT allows the DCA to link to and access (READ) USER01’s, USER02’s, and USER03’s minidisks.
Minidisk LINK access, under CA Top Secret control, includes the following access levels, which are defined in the RDT Record:
Since minidisks are protected by default when CA Top Secret is in FAIL mode, there is no need to set up default protection for them. However, the Security Administrator may, at some point, need to change some other aspect--such as the allowable access levels (ACLST) or the default access level (DEFACC) of minidisks.
To modify the access levels for minidisks, the administrator must have the proper MISC1 authority. Then, the administrator can use this TSS command syntax:
TSS REP(RDT) RESOURCE(VMMDISK) ACLST(new access levels)
DEFACC(new default access level)
|
Copyright © 2014 CA Technologies.
All rights reserved.
|
|