Not all resource classes can be restricted by access level or path. For this reason, CA Top Secret provides another layer of security through the ACTION keyword. The operand specified with the ACTION keyword tells CA Top Secret how to respond to an access request. For example:
TSS PER(USER03) TERM(PD01) ACTION(NOTIFY)
tells CA Top Secret to notify the security console when USER03 accesses the PD01 terminal.
In addition to ACTION(NOTIFY), the ACTION operands include the following:
Causes any unauthorized access attempt to be treated in FAIL mode regardless of the security mode the facility or user is in.
InstructsCA Top Secret to deny the ACID access to the resource.
Creates an audit trail when the resource is accessed.
Invokes theCA Top Secret Installation Exit.
Grants the accessor the privileged form of CP commands and DIAGNOSE instructions.
Allows a Security Administrator to administer resources that are not owned within his scope of authority. More information on resource administration is included in the "Administering Your Security Environment" chapter.
Adds additional password protection before granting access to a data set or minidisk.
Instructs CA Top Secret to only check volume authorizations for access requests to data sets on this particular volume.
Note: ACTION(DENY) does not apply to MVS data sets and volumes. Instead you can specify ACCESS(NONE).
|
Copyright © 2014 CA Technologies.
All rights reserved.
|
|