During the installation a security file is created in which only the Master Security Control Administrator (MSCA) ACID is defined.
The MSCA is the ACID that allows you to begin to define your security environment. Your organization is provided the flexibility to incorporate into your security environment any controls provided by CA Top Secret. Initially, the MSCA ACID is used to accomplish this. For information on establishing a security environment, see the Planning Guide.
Each user requiring access to the z/VM system must be assigned an ACID. Users requiring CA Top Secret administrative authorities must be defined as control ACIDs (SCA, DCA, VCA, or ZCA). All other users must be defined as user ACIDs (USER). This process is performed manually, or with the z/VM Directory Conversion Program (CAKVDIR EXEC), which is used to read the CP Source Directory and to generate from input a CA Top Secret command file which may in turn be used to populate the Security File.
The z/VM Directory Conversion Program (CAKVDIR EXEC) creates ACIDs of types DEPARTMENT and USER and resources of type VMMDISK. All other ACID types and all other resource types are defined manually.
If an existing Security File, shared with other systems, is to be used, the output of the z/VM Directory Conversion Program must be carefully edited to remove any commands which would create definitions inconsistent with existing definitions. Duplicate resource definitions must be reviewed. Where necessary, existing permissions may need to be revoked and re-permitted using the SYSID restriction. New permissions may require the addition of a SYSID restriction.
|
Copyright © 2014 CA Technologies.
All rights reserved.
|
|