Previous Topic: Resources and AuthorizationsNext Topic: Implementing External Security for CA Top Secret

SecurityExternal SecurityResources and AuthorizationsCharacter Translations

Character Translations

Certain characters that are allowable in report names and other definitions can be treated as 'wildcards' by some security products.

When the following characters appear in a resource name they are translated to the character specified:

Character

Translated to

& (ampersand)

! (exclamation)

* (asterisk)

+ (plus)

%(percent)

| (bar)

Character

Translated to

' ' (blank)

_ (underscore)

* (asterisk)

+ (plus)

& (ampersand)

!(exclamation)

%(percent)

|(bar)

Character

Translated to

' ' (blank)

_ (underscore)

& (ampersand)

!(exclamation)

* (asterisk)

+ (plus)

%(percent)

| (bar)

Character

Translated to

& (ampersand)

! (exclamation)

* (asterisk)

+ (plus)

% (percent)

| (bar)

‘ ‘ (blank )

_ (underscore)

¢ (cent sign)

_ (underscore)

! (exclamation point)

_ (underscore)

/ (slash)

_ (underscore)

< (less than)

_ (underscore)

( (left parentheses)

_ (underscore)

| (bar)

_ (underscore)

) (right parentheses)

_ (underscore)

; (semicolon)

_ (underscore)

¬ (not sign)

_ (underscore)

¦ (broken bar)

_ (underscore)

, (comma)

_ (underscore)

> (greater than)

_ (underscore)

? (question mark)

_ (underscore)

: (colon)

_ (underscore)

‘ (single quote)

_ (underscore)

= (equal sign)

_ (underscore)

" (double quote)

_ (underscore)

The access level required for the resource type is associated with functions in the SARCPL security block. The SARCPL security block is also passed to the SARSECUX user exit.

This table identifies the access level that is required for each of the resource types for the SARCPL functions.

Resource Type

Access Level

SARCPL Type

Function

BANR

READ

CPLFBSL, CPLFBACC

Access a banner page member

ALTER

CPLFBDEL

Delete a banner page member

DBAS

READ

 

SARDBASE IDXOUT function

SARDBASE STATUS function

UPDATE

 

SARDBASE BLOAD function

SARDBASE CONVERT function

SARDBASE COPY function

SARINIT function

SARDBASE LOAD function

SARDBASE MERGE function

SARDBASE OLOAD function

SARDBASE REORG function

SARDBASE RESTORE function

SARDBASE SET function

SARDBASE UNLOAD function

SARDBASE VERIFY function

SARDBASE VERIFY function

SARDBASE VERSION function

CONTROL

 

SARDBASE ADDDS function

ALTER

 

SARDBASE DELETE function

SARDBASE RENAME function

DEV

READ

CPLFCSL, CPLFCACC

Access device definition

UPDATE

CPLFCMOD

Add or change device definition

ALTER

CPLFCDEL

Delete device definition

DIST

READ

CPLFDSL, CPLFDACC, CPLFDIST

Access distribution definition

UPDATE

CPLFDMOD

Add or change distribution definition

ALTER

CPLFDDEL

Delete distribution definition

FILT

READ

CPLFFSL, CPLFFACC

Access filter rules

UPDATE

CPLFFMOD

Add or change filter rules

ALTER

CPLFFDEL

Delete filter rules

IDXN

READ

CPLFIFL, CPLFIFS

Access index name

IDXV

READ

CPLFISL, CPLFISS

Access index value

JOB

READ

CPLFJSL, CPLFJACC

Access a job

UPDATE

CPLFJMOD

Change user comments or assigned user ID for job

NOTE

READ

CPLFNASC

Access annotation or bookmark

 

UPDATE

CPLFNCSC

Add or change annotation or bookmark

ALTER

CPLFNDSC, CPLFNDEL

Delete annotation or bookmark

PANL

READ

CPLFPSL, CPLFPACC

Access an online panel member

ALTER

CPLFPDEL

Delete an online panel member

REPT

READ

CPLFSSL, CPLFBRS
CPLFLD

SYSOUTs/Reports

Load a report from tape

UPDATE

CPLFPRT, CPLFOPRT,CPLFMAIL, CPLFTMNT

Print a report, email a report, or mount a tape to access a report

CONTROL

CPLFCHG, CPLFKEEP, CPLFKTAP, CPLFKDEL, CPLFINDX, CPLFCLN, CPLFMIG

CPLFDELD

Keep, re-index, clean, migrate, delete disk, or change (batch retrieval) a report

ALTER

CPLFDEL

Delete a report

RAPS

READ

CPLFAPGS

Access to all page of report

SYS

READ

CPLFYSL, CPLFYACC

Access a SYSOUT definition

UPDATE

CPLFYMOD

Add or update a SYSOUT definition

ALTER

CPLFYDEL

Delete a SYSOUT definition

USER

READ

CPLFUSL, CPLFUACC

Access user definition

UPDATE

CPLFUMOD

Add or update a user definition

ALTER

CPLFUDEL

Delete a user definition

VIEW

READ

CPLFVSL, CPLFVACC

Access a logical view definition

UPDATE

CPLFVMOD

Add or update a logical view definition

ALTER

CPLFVDEL

Delete a logical view definition

The following sections list the steps necessary to implement support of external security with the product. There are descriptions and sample jobs for CA Top Secret, CA ACF2, and IBM's RACF. For simplicity, the examples assume that the SECID initialization parameter is set to "VIEW".