VMDIAL provides security for DIAL-able logical terminals. For instance, suppose USERJOE wants to issue a command, in order to access TSO (which is running under MVS on a virtual machine):
CP DIAL MVS 82
The security administrator must be sure that only qualified users dial the MVS machine. Thus, the administrator first adds this access authorization to a department:
TSS ADDTO(DEPT001) VMDIAL(MVS)
Note: In the example, the ownership of the MVS virtual machine’s DIAL-able GRAF devices are added to a department. You can do the same thing for a division or zone.
Then, because the user is within the scope of that department (or attached to a profile), the user can be authorized to issue DIAL commands:
TSS PERMIT(USERJOE) VMDIAL(MVS)
Now, when USERJOE issues a DIAL MVS 82, the user is asked for the ACID and password. By supplying the correct ACID and password, the user is allowed to DIAL directly into the 0082 terminal port.
Note: By using the method just described, the user can implement DIAL protection even for users who are not identified in the CP directory. Because the user accesses MVS directly without first logging onto a virtual machine, the user does not need to be known to VM. However, the user needs FAC(VM) or the facility defined for the terminal from which the user is issuing the DIAL.
|
Copyright © 2014 CA Technologies.
All rights reserved.
|
|