A new RDT attribute called NONGENERIC has been incorporated in CA Top Secret. This new attribute causes a general resource to be treated as a fully qualified name rather than as a generic prefix.
The NONGENERIC attribute can support both long and short resource classes. This attribute does not, however, support the following resources which support masking:
As an example, an administrator can permit a user to resource IUCV(PSRV), which would allow an IUCV connection to virtual machine PSRV as well as to virtual machine PSRVTEST or any other virtual machine whose first four characters match the prefix, PSRV. If the NONGENERIC attribute is activated, however, a permit to IUCV(PSRV), only allows the user to connect to virtual machine PSRV and not PSRVTEST. In order for the user to be allowed to issue either transaction, the permit must be done to IUCV(PSRV(G)).
Note: The NONGENERIC attribute causes a general resource to be treated as a fully-qualified resource only in a permit. By contrast, ownership (add) of a resource with the NONGENERIC attribute is considered to be GENERIC, and a (G) will appear after the resource name in TSS WHOHAS, WHOOWNS, and LIST output. To have a resource with the NONGENERIC attribute owned as a fully-qualified resource, the resource name in the TSS ADD command should be surrounded with single quotes and a trailing blank, as in the following example:
TSS ADD(USER01) IUCV('PSRV ')
To alter a particular general resource class to conform to the NONGENERIC attribute, the administrator enters:
TSS REPLACE(RDT) RESCLASS(VMRDR) ATTR(NONGENERIC)
Where the VMRDR keyword is the resource class to be altered.
To remove the NONGENERIC attribute, the administrator enters:
TSS REPLACE(RDT) RESCLASS(VMRDR) ATTR(GENERIC)
When changing the resource class from GENERIC to NONGENERIC, or from NONGENERIC to GENERIC, the security validation behavior for all existing definitions is preserved. However, resources will list differently and administrative commands which follow will have a different effect.
The NONGENERIC attribute applies to the following resources by default:
|
Copyright © 2014 CA Technologies.
All rights reserved.
|
|