Previous Topic: Populate the Security FileNext Topic: CAKVDIR Return Codes

Populating the Security FileCAKVDIR Command

CAKVDIR Command

Use this command to create a TSS command file, which is then used as input to populate the Security File.

The CAKVDIR command reads a CP source directory and builds a file of TSS commands that CA Top Secret uses to create departments, profiles and users, and to assign minidisk ownership and permissions. By default, the TSS command file is built in TSSCRIPT format, but can instead be built in REXX format.

The name of the TSS command file built by this command is direct_fn TSS A.

As part of its processing, the CAKVDIR command calls the CAKVDIRE user exit to determine how to assign users to departments.

This command has the format:

CAKVDIR direct_fn ( REPlace DEPtspec(dept)  MDiskown(owmer) DEFTept(def_name)
Exec ALL MSCA(msca_acid)  FACility(fac_names)
direct_fn

Required. Specifies the filename of the CP source directory (the filetype must be DIRECT).

Note: The default name for the IBM source direct file is USER DIRECT.

REPlace

Replaces a currently existing TSS command file (direct_fn TSS A).

DEPtspec(dept ACIGROUP EXIT)

Required. Specifies how User ACIDs are assigned to department ACIDs:

dept

An 8-character Department name to which all User ACIDs is associated.

ACIGROUP

Specifies that the Department ACID is the same as the security group name specified on the ACIGROUP statement in each user’s CP directory entry.

If there is no ACIGROUP statement in the directory entry, that user is assigned to the default Department as specified on the DEFDEPT option.

EXIT

Specifies that the CAKVDIRE user exit be used to determine how to associate User ACIDs to Department ACIDs. For information on this user exit, see the section CAKVDIRE User Exit in this appendix.

If a department cannot be determined for a User’s CP directory entry, that user is assigned to the default Department as specified on the DEFDEPT option.

MDiskown (DEPT USER)

Specifies which ACID to own a user’s minidisks:

DEPT

(Default) Specifies that the Department ACID is to own user minidisks.

USER

Specifies that the users own their own minidisks.

DEFDept(dept_name)

Specifies the default Department ACID to create for user ACIDs not given a department by ACIGROUP or CAKVDIRE user exit. The default value is $direct_fn.

Exec

Specifies that the TSS command file is built in REXX EXEC format (V 255). By default the TSS command file is built in TSSCRIPT format (F 80).

ALL

Specifies that the TSS PERMIT (ALL) commands is included in the TSS command file based on minidisks. And access levels specified in the CAKVDIR ALL file. For information about how to create this file, see the section Specifying Common Resources later in this appendix.

By default, no TSS PERMIT (ALL) commands are included in the TSS command file

MSCA(msca_acid)

If specified, it suppresses the TSS CREATE(msca_acid) command for a TSSVM defined ACID that is also in the CP source directory (direct_fn).

By default, suppression doe not occur, and there is duplicate entries in the TSS command file. This may cause a non-fatal error TSS0315E ACID ALREADY EXISTS.

FACillity(fac_names)

If specified, overrides the default facility that is added to User and Control ACIDs. The default is FAC(VM).

To specify multiple facility names, separate them with a comma. For example:

FAC(VMSYS1,VMSYS2,BATCH)