Securing Resources › Resource Access Control

Resource Access Control

Once you have identified your resources to CA Top Secret, the next step is to design access authorizations for each ACID that will need to use those resources. An ACID’s authorization to a resource is determined by the PERMITs found in his user record, in the profile records attached to the user, and the ALL Record (which lists globally accessible resources). Access to ownable resources is restricted through the TSS PERMIT command and can be customized through the use of keywords. Unownable resources are restricted through the TSS ADDTO command and have limited customization capabilities.

This section introduces you to the following:

• The TSS PERMIT command
• Several TSS command keywords used for PERMIT customization
• Five special cases of resource protection, including
  • Limited Command Facility (LCF) for MVS
  • Owned Transactions (OTRAN) for MVS
  • Globally Accessible Resources
  • Default Protection through the DEFPROT attribute
  • Assigning bypass access checking attributes

    Note: OTRAN overrides LCF.