

Implementing External Security for CA Top Secret

To implement external security for CA Top Secret, do the following:

Note: For more information about the commands listed in this section, see the CA Top Secret Command Functions Guide. The sample jobs can be found in CVDEJCL member RMOTSS.

  1. Add the CA Deliver resource types (classes) to the Resource Descriptor Table, for example:
    //EXAMPLE   JOB ACCOUNT,PROGRAMMER                             
    //RDT     EXEC PGM=IKJEFT01                                    
    //SYSTSPRT DD  SYSOUT=*                                        
    //SYSTSIN  DD  *                                               
    
    TSS ADDTO(RDT) RESCLASS(DLV@ACT)  RESCODE(37)                 +
        ATTR(LONG,NONGENERIC)                                     +
        ACLST(ALL,CONTROL,UPDATE,READ,NONE) +                      
        DEFACC(NONE)                                               
    TSS ADDTO(RDT) RESCLASS(DLV@BACT) RESCODE(38)                 +
        ATTR(LONG,NONGENERIC)                                     +
        ACLST(ALL,CONTROL,UPDATE,READ,NONE) +                      
        DEFACC(NONE) 
    
    TSS ADDTO(RDT) RESCLASS(DLV@BANR) RESCODE(39)                 +
        ATTR(LONG,NONGENERIC)                                     +
        ACLST(ALL,CONTROL,UPDATE,READ,NONE) +                      
        DEFACC(NONE)                                               
    TSS ADDTO(RDT) RESCLASS(DLV@BNDL) RESCODE(3A)                 +
        ATTR(LONG,NONGENERIC)                                     +
        ACLST(ALL,CONTROL,UPDATE,READ,NONE) +                      
        DEFACC(NONE)
    
    TSS ADDTO(RDT) RESCLASS(DLV@DBAS) RESCODE(3B)                 +
        ATTR(LONG,NONGENERIC)                                     +
        ACLST(ALL,CONTROL,UPDATE,READ,NONE) +                      
        DEFACC(NONE)                                               
    TSS ADDTO(RDT) RESCLASS(DLV@DIST) RESCODE(3C)                 +
        ATTR(LONG,NONGENERIC)                                     +
        ACLST(ALL,CONTROL,UPDATE,READ,NONE) +                      
        DEFACC(NONE)                                               
    
    TSS ADDTO(RDT) RESCLASS(DLV@JOB)  RESCODE(3D)                 +
        ATTR(LONG,NONGENERIC)                                     +
        ACLST(ALL,CONTROL,UPDATE,READ,NONE) +                      
        DEFACC(NONE)                                               
    TSS ADDTO(RDT) RESCLASS(DLV@PANL) RESCODE(3E)                 +
        ATTR(LONG,NONGENERIC)                                     +
        ACLST(ALL,CONTROL,UPDATE,READ,NONE) +                      
        DEFACC(NONE)                                               
    
    TSS ADDTO(RDT) RESCLASS(DLV@REPT) RESCODE(3F)                 +
        ATTR(LONG,NONGENERIC)                                     +
        ACLST(ALL,CONTROL,UPDATE,READ,NONE) +                      
        DEFACC(NONE)                                               
    /*
    
  2. Create a department to own the resources, for example:
    //EXAMPLE   JOB ACCOUNT,PROGRAMMER
    //DEPT    EXEC PGM=IKJEFT01
    //SYSTSPRT DD  SYSOUT=*
    //SYSTSIN  DD  *
    TSS CREATE(DLVRDEPT) TYPE(DEPT) NAME('DELIVER DEPARTMENT')
    /*
    
    //EXAMPLE   JOB ACCOUNT,PROGRAMMER
    //OWNER   EXEC PGM=IKJEFT01
    //SYSTSPRT DD  SYSOUT=*
    //SYSTSIN  DD  *
    TSS ADDTO(DLVRDEPT) DLV@ACT(RMO.)
    TSS ADDTO(DLVRDEPT) DLV@BACT(RMO.)
    TSS ADDTO(DLVRDEPT) DLV@BANR(RMO.)
    TSS ADDTO(DLVRDEPT) DLV@BNDL(RMO.)
    TSS ADDTO(DLVRDEPT) DLV@DBAS(RMO.)
    TSS ADDTO(DLVRDEPT) DLV@DIST(RMO.)
    TSS ADDTO(DLVRDEPT) DLV@JOB(RMO.)
    TSS ADDTO(DLVRDEPT) DLV@PANL(RMO.)
    TSS ADDTO(DLVRDEPT) DLV@REPT(RMO.)
    /*
    
  3. Make a profile and permit resource access to it, for example:
    //EXAMPLE   JOB ACCOUNT,PROGRAMMER
    //PROFILE EXEC PGM=IKJEFT01
    //SYSTSPRT DD  SYSOUT=*
    //SYSTSIN  DD  *
    TSS CREATE(DLVRPROF) TYPE(PROFILE) NAME('DELIVER') DEPT(DLVRDEPT)
    /*
    
    //EXAMPLE   JOB ACCOUNT,PROGRAMMER
    //PERMIT  EXEC PGM=IKJEFT01
    //SYSTSPRT DD  SYSOUT=*
    //SYSTSIN  DD  *
    TSS PERMIT(DLVRPROF) DLV@ACT(RMO.(G))  ACCESS(ALL) ACTION(FAIL)
    TSS PERMIT(DLVRPROF) DLV@BACT(RMO.(G)) ACCESS(ALL) ACTION(FAIL)
    TSS PERMIT(DLVRPROF) DLV@BANR(RMO.(G)) ACCESS(ALL) ACTION(FAIL)
    TSS PERMIT(DLVRPROF) DLV@BNDL(RMO.(G)) ACCESS(ALL) ACTION(FAIL)
    
    TSS PERMIT(DLVRPROF) DLV@DBAS(RMO.(G)) ACCESS(ALL) ACTION(FAIL)
    TSS PERMIT(DLVRPROF) DLV@DIST(RMO.(G)) ACCESS(ALL) ACTION(FAIL)
    TSS PERMIT(DLVRPROF) DLV@JOB(RMO.(G))  ACCESS(ALL) ACTION(FAIL)
    TSS PERMIT(DLVRPROF) DLV@PANL(RMO.(G)) ACCESS(ALL) ACTION(FAIL)
    TSS PERMIT(DLVRPROF) DLV@REPT(RMO.(G)) ACCESS(ALL) ACTION(FAIL)
    /*
    
  4. Add the profile to a user, for example:
    //EXAMPLE   JOB ACCOUNT,PROGRAMMER
    //ADDTO   EXEC PGM=IKJEFT01
    //SYSTSPRT DD  SYSOUT=*
    //SYSTSIN  DD  *
    TSS ADDTO(userid) PROFILE(DLVRPROF)
    /*
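
A pre-submission consistency check for the TSS command decks in steps 1 through 3, added here as an example and not part of the CA documentation or of sample member RMOTSS. It joins lines continued with + and reports any resource class that reuses a RESCODE, departs from the DEFACC(NONE) used above, or has no ownership ADDTO or no PERMIT. The function names and the sample deck are constructed for illustration.

```python
import re

# Constructed sample deck in the style of steps 1-3 (not from the page). DLV@BACT
# deliberately reuses RESCODE 37, sets DEFACC(READ), and is never permitted.
SAMPLE_DECK = """\
//SYSTSIN  DD  *
TSS ADDTO(RDT) RESCLASS(DLV@ACT)  RESCODE(37)                 +
    ATTR(LONG,NONGENERIC)                                     +
    ACLST(ALL,CONTROL,UPDATE,READ,NONE) +
    DEFACC(NONE)
TSS ADDTO(RDT) RESCLASS(DLV@BACT) RESCODE(37)                 +
    ACLST(ALL,CONTROL,UPDATE,READ,NONE) DEFACC(READ)
TSS ADDTO(DLVRDEPT) DLV@ACT(RMO.)
TSS ADDTO(DLVRDEPT) DLV@BACT(RMO.)
TSS PERMIT(DLVRPROF) DLV@ACT(RMO.(G))  ACCESS(ALL) ACTION(FAIL)
"""

def join_continuations(text):
    """Merge '+'-continued lines into whole TSS commands; skip JCL and blank lines."""
    commands, current = [], ""
    for line in (raw.strip() for raw in text.splitlines()):
        if not line or line.startswith("//") or line == "/*":
            continue
        if line.endswith("+"):
            current += line[:-1].strip() + " "
        else:
            commands.append(current + line)
            current = ""
    return commands

def audit_deck(text):
    """Flag reused RESCODEs, DEFACC other than NONE, and classes lacking owner or PERMIT."""
    codes, owned, permitted, findings = {}, set(), set(), []
    for cmd in join_continuations(text):
        rdt = re.search(r"ADDTO\(RDT\)\s+RESCLASS\(([^)]+)\)\s+RESCODE\(([^)]+)\)", cmd)
        use = re.match(r"TSS\s+(ADDTO|PERMIT)\(\w+\)\s+(DLV@\w+)\(", cmd)
        if rdt:
            cls, code = rdt.groups()
            if code in codes.values():
                findings.append(f"{cls}: RESCODE({code}) already used")
            codes[cls] = code
            if "DEFACC(NONE)" not in cmd:
                findings.append(f"{cls}: DEFACC is not NONE")
        elif use:
            (owned if use.group(1) == "ADDTO" else permitted).add(use.group(2))
    for cls in codes:  # class-level check only; resource prefixes are not compared
        findings += [f"{cls}: no {what}" for what, seen in
                     (("owner", owned), ("PERMIT", permitted)) if cls not in seen]
    return findings
```

Calling audit_deck on the concatenated SYSTSIN text of the jobs returns an empty list when every class defined in the RDT is also owned and permitted.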