

Task KVC0I042—Define Security Database Files

This task:

If you are using existing CA Top Secret security database files, this task uses the existing information and does not format the minidisks.

This task contains the panels:

You can share the Security/Backup files, as well as the Audit/Recovery files with Release 1.2 and above of CA Top Secret for z/VM, and Release 4.3 and above of CA Top Secret for MVS (including CA Top Secret for z/OS Release 5.1). However, to provide auditing of greater than 44 byte resources, you must format a new Audit file that can only be shared with another 1.6 (or CA Top Secret for MVS Release 5.2 or CA Top Secret for z/OS Release 5.3) system and CA Top Secret for VSE 3.0 and above.

If this file will support mixed case passwords, run TSSXTEND after CA Top Secret is running. For information, see the appendix "Creating, Converting, or Extending The Security File".

To define your CA Top Secret security database files

  1. From the Task Selection Menu, select panel KVC0‑I042.

    The panel is displayed with default data set names.

  2. Type over the existing characters. Entries are case‑sensitive.

    File and vCUU

    No entry required. Security database files and device addresses are displayed.

    Data Set name

    Enter the OS‑format data set names assigned to the CA Top Secret security database files or accept the default values.

    Range: Up to 44 characters

    Format MDISK and data set?

    Enter:

    • 1 to indicate that this file is to be newly created and formatted.
    • 2 if the security database files already exist or if you intend to format them using CA Top Secret for z/OS or VSE.

    If the CA Top Secret security database files are shared files, answer NO. If you answer NO, the data set names for the security database files specified must match already existing files on another system.

    If yes, write password

    If a WRITE password is necessary, enter the link password for the minidisk. The WRITE password may not be required, for instance if CA Top Secret is active from a previous installation and allows WRITE access. If it is required, you are prompted for it.

  3. Files that do not appear on panel KVC0‑I042 appear on panel KVC0‑I044 after completion of panel KVC0‑I042.
  4. Press F2.

    Panel KVC0‑I043 is displayed.

    If the minidisk appears to already be formatted, you receive a message.

  5. Enter YES.

    The Security File, Audit/Tracking File and Recovery File are each formatted independently.

  6. Panel KVC0‑I043, Security File Parameters

    To format the CA Top Secret Security File as part of the CA Top Secret security database, use this panel to specify or change parameters. The panel displays default and minimum values. Note that the data set names and ID entered on the previous panel are also displayed. Make the appropriate entries in each of the fields. Data specified for the Security File is used to automatically format the Backup File.

    ACCESSORS

    Indicates the maximum number of users, profiles, departments, divisions and zones defined in the CA Top Secret Security File. The five‑digit value entered here determines the amount of Security File space allocated to hold ACID‑related information.

    Minimum: 1000

    Default: 1000

    BLOCKS

    Indicates the number of blocks for the Security File. Enter a five‑digit value. There is no default. If you do not specify a number, then a value is calculated based on the values given for the ACCESSORS and VOLUMES parameters.

    BLOCKSIZE

    Indicates the block size for the Security File based on the type of file on which it is resident. Enter a four‑digit value that must be a multiple of 256.

    Minimum: 8192

    DSN

    Indicates the data set name assigned to the Security File. The default is CAI.TOP.SECRET.SECURITY.FILE.

    ID

    Defines a name for the Security File.

    Range: 1 to 8 characters

    Default: PRIMARY

    PIEBLOCKS

    Specifies the number of blocks reserved for the PIE index. PIEs are used for ownership of maskable resources. Normally this value is not set and the number is calculated based on the value of the ACCESSORS= keyword.

    Range: 1 to 9999

    Default: Calculated by system

    RESBLOCKS

    Specifies the number of blocks reserved for the RIE index. RIEs are used for ownership of non-maskable resources.

    Range: 1 to 9999

    Default: 10

    SCA/PASSWORD

    This parameter identifies the ACID and password for the MSCA to CA Top Secret. Initially, it is the only ACID defined to CA Top Secret. The format is msca/password where msca is a one‑ to eight‑character MSCA ACID and password is a four‑ to eight‑character password assigned to that ACID. The password expires after the initial logon and can be changed at that point. However, the user can issue the TSS REPLACE function to specify a time interval for the MSCA's new password. If the user does not specify a time, the default expiration for that password is five days. There is no default for the SCA; it must be specified.

    	TSS REPLACE (MSCA) PASSWORD(PASSWORD|*[,0...255])
    
    SDTBLOCKS

    Specifies the number of blocks reserved for the special SDT record on your system.

    Range: 2 to 256

    Default: 2

    MAXACIDSIZE

    Allows a site to determine larger than normal ACID sizes. Values are in 1024 increments.

    Range: 256 to 512

    Default: 256

    VOLUMES

    Indicates the number of volumes/prefixes defined to CA Top Secret. This six‑digit value determines the amount of Security File space allocated to hold volume‑related information.

    Default: 500

  7. Press F2.

    Panel KVC0‑I044 is displayed.

  8. Complete this panel and press F2.

    The task executes.

  9. Press F3.
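
A pre-flight check of planned values against the ranges documented above for panel KVC0‑I043, added here as an example and not part of the CA Top Secret product or its documentation. The function names, the sample values, the OS data set qualifier rule, and the lower bound of 1 for VOLUMES are assumptions.

```python
import re

# (low, high) per field, from the panel KVC0-I043 descriptions; upper bounds
# for ACCESSORS, BLOCKS and VOLUMES come from the stated digit counts.
RANGES = {
    "ACCESSORS": (1000, 99999), "BLOCKS": (1, 99999),
    "PIEBLOCKS": (1, 9999), "RESBLOCKS": (1, 9999),
    "SDTBLOCKS": (2, 256), "MAXACIDSIZE": (256, 512),
    "VOLUMES": (1, 999999),  # no minimum on the page; 1 is assumed
}
# Four digits, minimum 8192, multiple of 256 -> 8192, 8448, ... 9984.
BLOCKSIZES = range(8192, 10000, 256)
# Assumed OS data set qualifier rule: 1-8 chars, first not numeric or hyphen.
QUALIFIER = re.compile(r"[A-Z#@$][A-Z0-9#@$-]{0,7}")

def check_dsn(dsn):
    if not 1 <= len(dsn) <= 44:
        return ["DSN: must be 1 to 44 characters"]
    return [f"DSN: invalid qualifier {q!r}"
            for q in dsn.split(".") if not QUALIFIER.fullmatch(q)]

def check_security_file(p):
    """Return the problems found in a dict of planned panel values."""
    errs = check_dsn(p.get("DSN", "CAI.TOP.SECRET.SECURITY.FILE"))
    for name, (lo, hi) in RANGES.items():
        if name in p and not lo <= p[name] <= hi:
            errs.append(f"{name}: {p[name]} is outside {lo}..{hi}")
    if "BLOCKSIZE" in p and p["BLOCKSIZE"] not in BLOCKSIZES:
        errs.append("BLOCKSIZE: need a four-digit multiple of 256, minimum 8192")
    if not 1 <= len(p.get("ID", "PRIMARY")) <= 8:
        errs.append("ID: must be 1 to 8 characters")
    # SCA/PASSWORD has no default; the message never echoes the password.
    if not re.fullmatch(r"[^/]{1,8}/[^/]{4,8}", p.get("SCA/PASSWORD", "")):
        errs.append("SCA/PASSWORD: required as msca/password (1-8 / 4-8 chars)")
    return errs

# Constructed sample values (not from the page) with three deliberate errors.
PLANNED = {
    "DSN": "CAI.TOP.SECRET.SECURITY.FILE", "ID": "PRIMARY",
    "ACCESSORS": 500, "BLOCKSIZE": 8000, "RESBLOCKS": 10,
    "SDTBLOCKS": 2, "VOLUMES": 500, "SCA/PASSWORD": "MASTER1/abc",
}

if __name__ == "__main__":
    for problem in check_security_file(PLANNED):
        print(problem)
```

Because BLOCKSIZE is a four-digit field with a minimum of 8192 and a multiple-of-256 rule, only eight values can pass: 8192 through 9984.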