VM Reader Protection

Each virtual machine may have one or more virtual readers. Readers are the common mechanism for submitting work from one virtual machine to another on the same real CPU. CA Top Secret protects virtual readers by restricting, through the VMRDR keyword, who is allowed to place files in a virtual reader. For example, the following calls CA Top Secret security and controls any spooling activity directed toward the CMS batch reader:

TSS ADDTO(USER01) VMRDR(CMSBATCH)

Reader protection also extends to other readers, such as RSCS readers and readers for other operating systems (such as MVS) working under VM.

CA Top Secret also provides extended security controls for the CP SPOOLing commands—TRANSFER, CHANGE, ORDER, and PURGE—through the CPCMD keyword. For example, the following permits USER01 to issue a TRANSFER against his own spool files (with what amounts to a class G access right):

TSS PERMIT(USER01) CPCMD(TRANSFER)

Conversely, the following lets USER01 transfer any spool files from any user (normally a CP class D privilege):

TSS PERMIT(USER01) CPCMD(TRANSFER) ACTION(VMPRIV)
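
The following Python script is an added example, not part of the CA Top Secret documentation: it reviews a saved list of TSS commands and separates CPCMD permits limited to a user's own spool files from those carrying ACTION(VMPRIV), which the text above equates to a CP class D privilege. It parses only the command forms shown on this page; USER02, USER03, the sample input and the function names are constructed for illustration.

```python
import re

# One operand in the form used on this page: KEYWORD(value)
_OPERAND = re.compile(r"([A-Z]+)\(([^)]*)\)")

# CP spooling commands the page lists as controlled through CPCMD
SPOOL_CMDS = {"TRANSFER", "CHANGE", "ORDER", "PURGE"}

# Constructed sample input: the three commands from the page plus two more
SAMPLE = """\
TSS ADDTO(USER01) VMRDR(CMSBATCH)
TSS PERMIT(USER01) CPCMD(TRANSFER)
TSS PERMIT(USER01) CPCMD(TRANSFER) ACTION(VMPRIV)
TSS PERMIT(USER02) CPCMD(PURGE)
TSS PERMIT(USER03) CPCMD(PURGE) ACTION(VMPRIV)
""".splitlines()


def parse_tss(line):
    """Return (verb, user, operands) for 'TSS VERB(user) KEY(val) ...', else None."""
    tokens = line.split(None, 1)
    if len(tokens) != 2 or tokens[0].upper() != "TSS":
        return None
    operands = _OPERAND.findall(tokens[1].upper())
    if not operands:
        return None
    verb, user = operands[0]
    return verb, user, dict(operands[1:])


def review(lines):
    """Group reader protection and spool-command permits by scope."""
    report = {"protected_readers": {}, "own_files": [], "any_user": []}
    for line in lines:
        parsed = parse_tss(line)
        if parsed is None:
            continue  # blank line or not a TSS command
        verb, user, ops = parsed
        if verb == "ADDTO" and "VMRDR" in ops:
            report["protected_readers"][ops["VMRDR"]] = user
        elif verb == "PERMIT" and ops.get("CPCMD") in SPOOL_CMDS:
            # ACTION(VMPRIV) widens the permit to any user's spool files
            scope = "any_user" if ops.get("ACTION") == "VMPRIV" else "own_files"
            report[scope].append((user, ops["CPCMD"]))
    return report


if __name__ == "__main__":
    for scope, entries in review(SAMPLE).items():
        print(scope, entries)
```

Entries reported under `any_user` are the ones to check against the list of users who are meant to hold class D-equivalent spool authority.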