Implementation of CA WA CA 7 Edition command security includes securing top line commands, application panel access and panel functions. Each CA WA CA 7 Edition panel has a unique panel-ID that can be defined as a resource to CA ACF2. For subsequent functions on each panel, which can involve multiple access types (READ, ADD, UPDATE, and DELETE), a service level can be specified on the resource rule to provide an additional level of protection.
For example, a user enters the DB top line command to access the Database Maintenance Menu. CA WA CA 7 Edition first checks the authority of the user to access the Database Maintenance Menu (panel-ID = L2DB). If the user has the authorization, the panel is displayed. The user now selects option 1 - Job Definition from the Database Maintenance Menu. This choice equates to a panel-ID of L2DB1. If the user has the appropriate authority, the panel is displayed. The user now enters the LIST option from the Job Definition panel to list JOBA. This choice requires a service level of READ on panel L2DB1 to perform the LIST command. If the user has the required authorization, JOBA is listed. The user now attempts the UPD option to update JOBA on the CA WA CA 7 Edition database. This choice requires a service level of UPDATE for panel L2DB1 to perform the update. If the user has the proper authority, the job is updated.
Remember that protection is provided not only for panels within CA WA CA 7 Edition but for the additional functions on each panel. Each command requires a service level entry on the resource rule definition to perform that function. For a list of the CA WA CA 7 Edition panel-IDs, commands, and access level requirements, see Security Tables.
|
Copyright © 2013 CA Technologies.
All rights reserved.
|
|