Installing the Online Interfaces › How to Complete Configuration of the XMS Online Interfaces with CA CSM › Define Security Requirements

Define Security Requirements

You can define security requirements for CA Top Secret (eTrust CA Top Secret).

Follow these steps:

1. Rename the existing facility in the facility matrix table if you do not have a facility defined for VIEWXMS.

   TSS MODIFY FACILITY(USERnn=NAME=VIEWXMS)
   

   Note: The TSS MODIFY command is only valid until the next recycle of CA Top Secret. To make the change permanent, add the following to the CA Top Secret parameter file:

   FACILITY(USERnn=NAME=VIEWXMS)
   

2. Verify that the correct PGMname is defined for the new facility, where PGMname is either the first three characters or all the eight characters of the program name that is going to make security calls (EC2 or EC2DRV).

   TSS MODIFY FACILITY(VIEWXMS=PGM=EC2)
   

   Note: The TSS MODIFY command is only valid until the next recycle of CA Top Secret. To make the change permanent, add the following to the CA Top Secret parameter file after the FACILITY(USERnn=NAME=VIEWXMS) statement:

   FACILITY(VIEWXMS=PGM=EC2)
   

3. Create region ACID for the facility and add a master facility of the facility defined in Step1.

   TSS CREATE(VIEWXMS) PASSWORD(xxxx,0) TYPE(USER) DEPT(dept) NAME('CA VIEW XMS REGION ACID')
   

   TSS ADDTO(VIEWXMS) MASTFAC(VIEWXMS)
   

   We recommend that all started task (STC) acids be given a password and OPTIONS(4) be set in the CA Top Secret parameter file. OPTIONS(4) eliminates the prompt for a password when the STC starts, but if someone tries to signon with the STC acid, he needs to know the password.

   The region acid needs access to all resources accessed at startup.

   This access can be given by adding bypass attributes:

   TSS ADD(VIEWXMS) NODSNCHK NOVOLCHK ) or by permitting the specific resources

   TSS PERMIT(VIEWXMS) DATASET(xxxx) ACCESS(access) ).

   These resources include:

   • READ access to the XMS load library if pointing to this library in a STEPLIB concatenation.
   • READ access to any other libraries specified in the STEPLIB concatenation.
   • READ access to the SYSIN DD statement if it points to a dataset.
   • UPDATE access to the View database.

   If any other DD statements (that is, SYSPRINT, SARLOG, EBCUDUMP, SYSUDUMP, etc) in the XMS startup procs point to datasets instead of SYSOUT, READ access to these datasets is required.

4. Define the VIEWXMS STC to the TSS STC record.

   TSS ADDTO(STC) PROCNAME(VIEWXMS) ACID(VIEWXMS)
   

5. Give access to the ACIDs required to sign on to this facility from Step 1.

   TSS ADDTO(acid) FACILITY(VIEWXMS)
   

   Where 'acid' is the user acid that needs access, an attached profile, or the ALL record if all users must have access.

Install the ISPF/Cross-Memory Online Retrieval Option

The ISPF/Cross-Memory Online Retrieval Option runs under IBM's ISPF for z/OS Version 3.0 and higher.

Important! This interface requires Cross-memory services to be already installed. For more information, see Install Cross-Memory Services in this chapter.

Note: In the JCL for the cross-memory services task, the parameter XMSSUB must be set to YES.

Installation Steps

The following steps are required to install the ISPF/cross-memory online retrieval option. Each step is explained in detail later in the sections that follow.

1. (Optional) Add STEPLIB DD Statements to the TSO LOGON procedures if the load modules were not copied to a linklist library.
2. Add the panel and command table libraries to the TSO logon procedures. (For ISPF only, not for SPF.)
3. (Optional) Modify an SPF selection menu to select the online retrieval feature.

Note: For more information about the ISPF/cross memory online retrieval option, see the chapter "Online Interface Administration" in the Reference Guide.

(Optional) Step 1: Add STEPLIB DD Statements to the TSO LOGON Procedures

To add STEPLIB DD statements to the TSO LOGON procedures, Follow these steps::

1. Determine which one of the following actions you performed during the base-product installation:
   • Authorized the program load library
   • Copied the modules to a system authorized library

   If the CA View load modules were not copied to one of the libraries in the linklist, continue with this section. Otherwise, skip this section and go to the next section, Step 2: Add Panel and Command Table Libraries to TSO Logon.

   For this interface, the libraries do not have to be APF authorized. Authorization is provided in the cross-memory installation. Multiple versions of this online interface can coexist in one TSO library concatenation.

2. Perform one of the following actions:
   • Add a STEPLIB DD statement for the library that contains the load modules to the LOGON procedures for TSO users who use the ISPF/cross-memory online retrieval option.
   • Provide the load library that uses the ISPF LIBDEF facility.

   Note: If multiple versions are to run simultaneously, or if you want to run a previous version of SARSPF or SARTSO, concatenate the load library that you want SARSPF or SARTSO to use first.

More information:

Step 5. Modify the Skeleton JCL

Step 2: Add Panel and Command Table Libraries to TSO Logon

If you are going to run CA View under ISPF, proceed with this step. For Version 3 or higher, both the command table library and the panel library are used.

To add panel and command table libraries to the TSO LOGON procedure:

• Concatenate the command table library CAI.CVDETBL0 to DD statement ISPTLIB.
• Concatenate the panel library CAI.CVDEPNL0 to DD statement ISPPLIB.

Note: If you also plan to use SARSPF (the ISPF interface), and multiple versions of CA View, concatenate CAI.CVDETBL0 first. Use the CAI.CVDETBL0 from the most current release.