

Define the CA WA CA 7 Edition Agent Job Submission/Command Security

If agent job submissions and command executions are being validated, authorizations are performed to verify that the mainframe user (MFUser) is authorized to submit agent jobs to the specific agent name using the agent user ID. Authorizations are also performed to verify that the signed on user is authorized to perform any agent command executions. The AGCLASS keyword on the SECURITY statement determines the resource class used for these authorizations.

The following are examples of CA WA CA 7 Edition agent job submission and agent command execution rules:

This example illustrates defining ownership and then giving job submission authority using a specific agent user ID and specific agent name:

TSS ADDTO(CA7DEPT) AGENT(CA71.AGENTUSR)

TSS ADDTO

Specifies the CA Top Secret command used to define ownership for a resource.

CA7DEPT

Specifies the CA Top Secret ACID to receive ownership for a resource.

AGENT(CA71.AGENTUSR)

Specifies the resource class AGENT followed by the resource name.

TSS PERMIT(CA7USER) AGENT(CA71.AGENTUSR.AGTUSER1.UNIXAGT) ACCESS(READ)

TSS PERMIT

Specifies the CA Top Secret command used to authorize access to a resource.

CA7USER

Specifies the user ACID to receive access to submit the agent job.

AGENT(CA71.AGENTUSR.AGTUSER1.UNIXAGT)

Specifies the resource class AGENT followed by the resource name in the following format:

ca7-instance-id.AGENTUSR.agent-userid.agent-name

ACCESS(READ)

Specifies the access level. READ is required for agent job submission.

This example illustrates defining ownership and giving agent command execution authority for a specific agent name:

TSS ADDTO(CA7DEPT) AGENT(CA71.AGENTMSG)

TSS ADDTO

Specifies the CA Top Secret command used to define ownership for a resource.

CA7DEPT

Specifies the CA Top Secret ACID to receive ownership for a resource.

AGENT(CA71.AGENTMSG)

Specifies the resource class AGENT followed by the resource name.

TSS PERMIT(CA7USER) AGENT(CA71.AGENTMSG.CONTROLSHUTDOWN.UNIXAGT) ACCESS(READ)

TSS PERMIT

Specifies the CA Top Secret command used to authorize access to a resource.

CA7USER

Specifies the user ACID to receive access to execute the agent command.

AGENT(CA71.AGENTMSG.CONTROLSHUTDOWN.UNIXAGT)

Specifies the resource class AGENT followed by the resource name in the following format:

ca7-instance-id.AGENTMSG.verbsubverb.agent-name

ACCESS(READ)

Specifies the access level. READ is required for agent command execution.
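The following is an added example, not part of the product documentation: a small Python script for reviewing a list of PERMIT commands against the two resource name formats described above. It assumes the resource class is AGENT, as in the examples on this page, and the function names and the third sample line are constructed for illustration.

```python
import re

# Matches the PERMIT form shown in this page's examples. AGENT is the resource
# class used there; the class actually checked is set by the AGCLASS keyword.
PERMIT_RE = re.compile(
    r"^\s*TSS\s+PERMIT\((?P<acid>[^)]+)\)\s+AGENT\((?P<res>[^)]+)\)"
    r"\s+ACCESS\((?P<access>[^)]+)\)\s*$", re.IGNORECASE)

# Second qualifier -> (kind of authority, meaning of the third qualifier)
KINDS = {"AGENTUSR": ("job-submission", "agent_userid"),
         "AGENTMSG": ("command-execution", "verbsubverb")}

def parse_permit(line):
    """Return a dict describing one agent PERMIT, or None if it is not one."""
    m = PERMIT_RE.match(line)
    if not m:
        return None
    parts = m["res"].upper().split(".")
    if len(parts) < 2 or parts[1] not in KINDS:
        return None
    kind, third = KINDS[parts[1]]
    rule = {"acid": m["acid"].upper(), "kind": kind, "instance": parts[0],
            "access": m["access"].upper(),
            # The documented formats have exactly four qualifiers.
            "fully_qualified": len(parts) == 4 and all(parts)}
    if rule["fully_qualified"]:
        rule[third] = parts[2]
        rule["agent_name"] = parts[3]
    return rule

def audit(lines):
    """Group parsed agent rules by ACID so each user's authority can be reviewed."""
    report = {}
    for line in lines:
        rule = parse_permit(line)
        if rule:
            report.setdefault(rule["acid"], []).append(rule)
    return report

SAMPLE = [  # first two lines are from this page; the third is constructed
    "TSS PERMIT(CA7USER) AGENT(CA71.AGENTUSR.AGTUSER1.UNIXAGT) ACCESS(READ)",
    "TSS PERMIT(CA7USER) AGENT(CA71.AGENTMSG.CONTROLSHUTDOWN.UNIXAGT) ACCESS(READ)",
    "TSS PERMIT(OPSUSER) AGENT(CA71.AGENTUSR.AGTUSER1) ACCESS(READ)",
]

if __name__ == "__main__":
    for acid, rules in audit(SAMPLE).items():
        for r in rules:
            print(acid, r)
```

Entries reported with `fully_qualified` set to False do not match the four-qualifier format documented here and are worth checking by hand.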