Now that CA Top Secret is functioning once again (hopefully on a reasonably up-to-date Backup File), the task of recovering recent Security File changes may be undertaken at a convenient time (or when the necessary personnel are available). Note that this should be done as soon as possible, since recent security definitions and password changes may have been temporarily negated.
The first step is to extract the applicable change records from the Recovery File. Of course, if the recovery file has been damaged or lost, the changes must be repeated manually. Adequate hardcopy records of security administration should be kept on a day-to-day basis to accommodate this situation.
Provided the Recovery File is intact, you may now use CA Top Secret's TSSRECVR utility to produce a TSS command script of all administration and implicit Security File changes incurred since the last automatic backup (or since the now-online Backup file was produced). Details on the operation of TSSRECVR and the CA Top Secret VM batch facility under which it executes may be found in the Batch Operations section in this guide. See that section for guidance in preparing and submitting the necessary Job Control Language; for purposes of illustration we will discuss here only the control statements and keywords required by the utilities.
Assuming the last backup was performed at 01:00 on the date of the failure, the following EXEC statement would be used:
//EXEC PGM=TSSRECVR,PARM='DATE(-00),TIME(0100)'
Successful execution of TSSRECVR produces two files in the submitter's virtual reader: a PRT (print, or listing) file and a PUN (punch) file. The PRT file is the SYSOUT listing of the utility's execution. It contains a log of the supplied execution keywords, a description of the age and contents of the Recovery File, the number of change records of various types extracted, and the overall condition code of the run.
You should inspect this file to verify that the expected results were obtained from your request.
The PUN file contains the resultant TSS command script. This script consists of actual Security Administrators' commands as well as simulated TSS command equivalents of automatic and user-generated changes (such as suspensions and password changes). Preceding each command is a comment record identifying the nature and source of the change and the date and time of its occurrence. Receive this file onto disk and, if desired, you may review and/or modify it in any way you see fit.
To apply the changes to the current Backup Security File, the TSS command script must be submitted for batch execution as input to the TSSCRIPT utility program.
Using a text editor (for instance, the VM/System Product Editor, XEDIT), add appropriate Job Control Language to the command script as described in the Batch Operations section of this guide and submit the file for execution. When the script completes, a listing file is returned to the submitter's reader in which each command is reproduced along with its result, followed by an overall completion summary. Review this listing for errors and, if necessary, correct and resubmit any portions which did not complete successfully.
|
Copyright © 2014 CA Technologies.
All rights reserved.
|
|