ESM Command Authorization

The new ESM facility allows the customer to control user access to product commands through an ESM product. The ESM facility provides an alternative to the existing GRANT/WITHHOLD command authorization support. Administrators now have a choice of using the existing command authorization facility or the new ESM facility. This ESM facility gives system administrators the ability to control and audit the use of CA VM:Director product commands.

Typically, access is allowed to three types of end users:

To use this feature, a RACROUTE-compliant ESM product, such as CA Top Secret for z/VM, must be installed. ESM rules must be defined for each CA VM:Director command, specifying which users are authorized to issue the command.

The ESM will do one of the following:

ESM command authorization lets CA VM:Director administrators specify users and the commands those users are authorized to use. These specifications are then checked against an ESM database containing the rules under which users are granted or denied the ability to use the specified commands.

The CA VM:Director product issues the standard mainframe RACROUTE macro to match submitted resource names to the rules in the ESM database. Resource names are generally grouped in classes. The one- to eight-character class name is specified on each RACROUTE macro. The class name is defined using the ESM configuration statement. For more information, see ESM Configuration Statement in this chapter. The resource names for command authorization testing are strings of one- to eight-character tokens separated by periods. For an example of how to use resource names, see Creating Command Authorization Rules.