Valid on z/OS and z/VM.
Use the MODE control option to select the security mode in which CA Top Secret will operate for all facilities.
The MODE option is used to set a global mode. Modes can be assigned to a specific subsystem facility, permitted to a specific ACID, or assigned by the ACTION keyword on a permission. The order of the search for MODE is:
More information on how to assign
All entry methods are accepted.
This control option has the following format:
MODE(DORMANT|WARN|FAIL|IMPL)
CA Top Secret will not perform security validation for normal users (everyone except security administrators). Normal users will enter their current signon and password, not a CA Top Secret password.
CA Top Secret will always perform password validation for Security Control ACIDs (security administrators). Security administrators who sign on with their security control ACID, is prompted for their CA Top Secret password. CA Top Secret will also always perform password validation for those users whose UADS data fields are being managed by CA Top Secret.
Exceptions can be specified via the DRC control option, or via the TSS PERMIT ACTION(FAIL) command.
CA Top Secret will perform security validations for all access attempts. Users who are guilty of security violations will receive a message indicating that they have violated security, but is not denied access to the resource unless exceptions have been specified.
All specified LOG options are in effect.
Exceptions can be specified via the DRC control option, or via the TSS PERMIT ACTION(FAIL) command.
This mode is referred to as a gradual implementation mode since it will fully protect defined resources, and monitor all access requests made by defined users. Defined resources are protected and violations result in denied access. This mode will, however, allow undefined users uninhibited access to undefined resources. Thus, security can be gradually applied to selected users and resources with little or no impact.
(Default) CA Top Secret will deny all unauthorized facility or resource access unconditionally. All users must be defined.
The MODE option is protected by the operator accountability feature. CA Top Secret prompts you for the proper ACID/password combination before processing the MODE option. CA Top Secret also creates an audit trail that identifies the ACID under which the MODE was specified.
Important! A MODE option issued after the startup of CA Top Secret resets not only the global MODE, but also resets the MODE of every facility.
|
Copyright © 2013 CA.
All rights reserved.
|
|