

Resources

Most resources must first be owned before their use can be authorized. The principal exceptions are commands, which are protected through the USERx class resources. Either the TSS CREATE or the TSS ADDTO function must be used to assign ownership of any of the ownable resources. CREATE is used at the time an ACID is being defined. ADDTO can be used at any time.

The administrative authority required to add or remove ownership of resources is RES(OWN). The keyword RESOURCE applies to all ownable resource classes. Specific resource class keywords may be used instead of RESOURCE to restrict the authority of the administrator. For example, PGM(OWN) authorizes the administrator only to add or remove ownership of programs. The ACID to which the resource is being added, or from which it is being removed, must lie within the scope of the administrator.

“Default protection of resources” means that an ownable resource will have security protection even if it is not defined to CA Top Secret. That is, a security violation will occur if a request is made to access any unowned resource. (In FAIL MODE this situation exists automatically for data sets.)

To extend default protection to all resources pre-defined in the RDT Record, whether the governing mode is WARN, IMPLEMENT, or FAIL, assign the DEFPROT attribute to the specifically named resource class, which is described in the subsequent headings.

An administrator can give default protection to any pre-defined resource.