Resources may typically be owned by departments, divisions or zones and then PERMITted to users and profiles on an as-needed basis. Following this approach makes security administration simpler and more effective. Reasonable exceptions to the “rule” might be to let users own their minidisks or those OS/DOS data set files with names that begin with the user’s id.
The owner of a resource automatically has unlimited access to that resource. On the other hand, a user who has been PERMITted to use a resource might have unlimited or limited access to the resource.
Zone, division, department, and user ACIDs can all own resources. Of these ACID types, however, only users and profiles can be authorized (with TSS PERMIT) to access resources.
Note: If a particular department is given ownership of many resources that are PERMITted many times (500+), then it is a good idea to create some dummy departments and split up the ownership of these resources among them. This enhances processing efficiency by achieving a more balanced distribution of information on the CA Top Secret Security File.
|
Copyright © 2014 CA Technologies.
All rights reserved.
|
|