

Control Options and Command Functions

Control options and command functions are used to communicate with CA Top Secret. The basic distinction between control options and command functions is that control options define your security environment and command functions are used to maintain the integrity of the security database.

What are Control Options?

Control options are used to customize the security environment of a particular installation. Control options are typically set during installation, and are stored in the Parameter File. One of the most important control options is MODE, which determines how CA Top Secret reacts to a particular resource access request or violation. Many control options can be temporarily changed using the TSS MODIFY command function.

The following example tells CA Top Secret to modify the FACILITY control option so that users on the VM facility will be in IMPL mode.

TSS MODIFY(FAC(VM=MODE=IMPL))

What are Command Functions?

Command functions are the primary tool of the security administrator and are always preceded by the letters TSS. A command function is used to define ACIDs, assign attributes, and determine resource access.

For example, the following TSS command will assign a specific date on which an ACID will expire.

TSS ADD(USER01) UNTIL(04/06/04)

The following syntax diagram and table describe each command syntax component:

1   2         3          4      5
TSS FUNCTION { (acid)  } KEYWORD(OPERAND)
             { (ACIDS) }
             { (AUDIT) }
             { (RDT)   }
             { (FDT)   }
             { (ALL)   }

| Component | Description | Rules |
|---|---|---|
| 1 | TSS command name | Command must always begin with TSS. |
| 2 | Name of the function CA Top Secret will perform | Must immediately follow TSS. Only one function entered per TSS command. One or more spaces must be entered between TSS and the function. |
| 3 | Specifies the ACID being affected by the function. | ACID names can be up to eight characters in length and must conform to the restrictions established by your site. |
| 4 | Specifies the resource type or security attribute being processed by the function. | Keywords can be entered in any order. Online: Keywords can be entered from line to line without special action. Batch: The last keyword on a continuing line must be followed by a blank and a dash. The next keyword can be entered on the next input line. |
| 5 | Enter the specific prefix, resource name, or the required value name for a security attribute. | Operands must be provided and parentheses are required to indicate no value. If an operand is missing, any following keyword is ignored. |
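The component rules above can be checked before a batch command deck is submitted, which matters because a keyword without an operand causes the keywords after it (an UNTIL expiry, for instance) to be ignored. The following Python pre-check is an added example, not part of the CA Top Secret documentation or product; the function names and sample input are constructed, and it assumes that a target containing nested parentheses is a control-option value rather than an ACID.

```python
MAX_ACID_LEN = 8  # page: ACID names can be up to eight characters

def join_batch(lines):
    """Batch rule: a line ending in a blank and a dash continues on the next line."""
    commands, buf = [], ""
    for line in (raw.rstrip() for raw in lines):
        if line.endswith(" -"):
            buf += line[:-1]                  # drop the dash, keep the blank
        else:
            commands.append((buf + line).strip())
            buf = ""
    return [c for c in commands + [buf.strip()] if c]

def split_terms(text):
    """Split on blanks outside parentheses and quotes into (name, operand) pairs."""
    words, cur, depth, quoted = [], "", 0, False
    for c in text + " ":
        quoted ^= c == "'"
        if not quoted:
            depth += (c == "(") - (c == ")")
        if c.isspace() and depth <= 0 and not quoted:
            words, cur, depth = words + ([cur] if cur else []), "", 0
        else:
            cur += c
    words += [cur.strip()] if cur.strip() else []   # unclosed "(" or quote
    pairs = (w.partition("(") for w in words)
    return [(name, rest[:-1] if rest.endswith(")") else None) for name, _, rest in pairs]

def lint(command):
    """Return rule violations for one joined TSS command; an empty list means none."""
    terms = split_terms(command)
    if len(terms) < 2 or terms[0] != ("TSS", None):
        return ["command must begin with TSS followed by one function"]
    problems, target = [], terms[1][1]
    # Assumption: a target with nested parentheses is a control-option value, not an ACID.
    if target and "(" not in target and len(target) > MAX_ACID_LEN:
        problems.append(f"ACID {target} exceeds {MAX_ACID_LEN} characters")
    for pos, (name, operand) in enumerate(terms[2:], start=2):
        if operand is None:
            ignored = [t[0] for t in terms[pos + 1:]]
            return problems + [f"{name}: missing operand, ignored after it: {ignored}"]
    return problems

# Constructed batch input, not taken from a real system.
SAMPLE = ["TSS CREATE(USER01) TYPE(USER) NAME('H.PARKER') -", "     DEPT(DEPTB01)",
          "TSS ADD(USER01) PROFILE UNTIL(04/06/04)", "TSS ADD(USER000001) UNTIL(04/06/04)"]
if __name__ == "__main__":
    for cmd in join_batch(SAMPLE):
        print(cmd, "->", lint(cmd) or "ok")
```

The check covers command shape only; it does not validate function or keyword names, and site-specific ACID naming restrictions still apply.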

Entry Methods for Command Functions

Administrators can use the following methods to specify product command functions:

Example: Use Freeform to Specify a Command

This example shows a command that is entered freeform on the command screen:

TSS CREATE(USER01) TYPE(USER) NAME('H.PARKER') PASSWORD(1234,30,EXPIRE)
     SOURCE(GRAF0076) PROFILE(BUDGET,TAXES,CRIME) DSN(SYS.01)
     DEPT(DEPTB01)

Example: Use an Administration Panel to Define a Command for Creating an ACID

This example demonstrates how to define a command for creating an ACID:

  1. If you have not already done so, link and access the following minidisks, based on the environment you are running (see the Runtime Environment tag for CA Top Secret and Common Security Services):
  2. Enter CATSS to display the CA Top Secret Selection Menu panel, from which you can define and modify ACIDs; permit and revoke access permissions; display status information; and perform other activities.
  3. Select option 1 to define a new ACID.

    An administration panel appears.

  4. Specify input information to define the command characteristics.

    The command can now be executed based on your defined characteristics.