CA Top Secret considers a logical unit (LU) to be a TERMID resource type. Logical units are identified by their LU names.
To assign ownership of a particular logical unit, use this format:
TSS ADD(ACTDEPT) TERMID(luname)
The CA Top Secret source of origin security feature can restrict a particular user or profile by permitting access to the system from designated LUs only.
To permit access to the system from designated LUs only, use this format:
TSS ADD(USER01) SOURCE(luname)
If access is denied to a logical unit, the following CA Top Secret message is generated:
TSS 974E TERMINAL(luname) ACCESS DENIED
CA XCOM Data Transport r11.6 lets the installation create resource classes for Partner and Command security. Dedicated resource classes keep the security rules for CA XCOM Data Transport separate from those of other products, which improves performance when the resource class is refreshed.
A resource class is added to the Resource Definition Table (RDT) and must then have an owner defined before access can be granted to it.
Defines the name of the resource class for partner security.
Specifies the CA Top Secret resource code. Valid values are 001-03F for a General Resource or 101-13F for Prefixed Resource. A prefixed resource class is a resource that allows masking characters and has an ownership resource name length up to 26 characters. General resource classes only allow masking characters when defined with the MASK attribute, and have an ownership resource name length of eight characters.
Specifies the maximum permission length for the resource.
Specifies the resource access levels. For partner security, NONE and READ are the only levels required. CA XCOM Data Transport only looks for read access to the resource when checking access to a partner.
Defines the name of the resource class for command security.
Specifies the CA Top Secret resource code. Valid values are 001-03F for a General Resource or 101-13F for Prefixed Resource. A prefixed resource class is a resource that allows masking characters and has an ownership resource name length up to 26 characters. General resource classes only allow masking characters when defined with the MASK attribute, and have an ownership resource name length of eight characters.
Specifies the maximum permission length for the resource.
Specifies the resource access levels. For command security, NONE, READ and UPDATE are the only levels required. CA XCOM Data Transport only looks for read or update access to the resource when checking access to a command.
Specifies the class and resource being defined as owned by the specified ACID. The resource class is specified for xcomfac and the resource name is defined as needed for a partner or command. The format for partner resources is described in SAF Security Call—Partner Security. The format for command resources is described in SAF Security Call—Command Security.
Specifies the resource in the specified class to be permitted to the specified ACID. The resource class is specified for xcomfac and the resource name is defined as needed for a partner or command. The format for partner resources is described in SAF Security Call—Partner Security. The format for command resources is described in SAF Security Call—Command Security.
Specifies the level of access to be granted to the ACID. This is based on the access levels defined to the resource class. For Partner security, you would grant either READ or NONE access based on whether the ACID is allowed to access the partner resource. For Command security, you would grant READ, UPDATE, or NONE access based on whether the ACID is allowed access to the command.
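As an added example (not CA's code), the following Python check applies the resource code ranges, ownership name lengths, MASK rule and required access levels described above to a planned resource class definition before it is entered. The `ClassDef` record, its field names and the use of `*` as the masking character are assumptions made for illustration.

```python
import re
from dataclasses import dataclass

# Code ranges (hexadecimal) and ownership name lengths as stated on this page.
KINDS = {"general": (0x001, 0x03F, 8), "prefixed": (0x101, 0x13F, 26)}
# Access levels the page says are required for each kind of class.
REQUIRED = {"partner": {"NONE", "READ"}, "command": {"NONE", "READ", "UPDATE"}}
MASK_CHARS = set("*")  # assumption: the page does not list the masking characters


@dataclass
class ClassDef:  # hypothetical record of one planned resource class
    name: str
    rescode: str             # three hex digits, for example "101"
    purpose: str             # "partner" or "command"
    levels: set              # access levels planned for the class
    owned_resource: str      # resource name that will be given an owner
    mask_attr: bool = False  # True when the class is defined with MASK


def classify(rescode):
    """Return 'general' or 'prefixed' for a valid resource code, else None."""
    if not re.fullmatch(r"[0-9A-Fa-f]{3}", rescode):
        return None
    value = int(rescode, 16)
    for kind, (low, high, _) in KINDS.items():
        if low <= value <= high:
            return kind
    return None


def review(d):
    """Return findings for one definition; an empty list means it passes."""
    kind = classify(d.rescode)
    if kind is None:
        return [f"{d.name}: code {d.rescode} is outside 001-03F and 101-13F"]
    findings = []
    limit = KINDS[kind][2]
    if len(d.owned_resource) > limit:
        findings.append(f"{d.name}: owned name exceeds {limit} characters ({kind})")
    if kind == "general" and not d.mask_attr and MASK_CHARS & set(d.owned_resource):
        findings.append(f"{d.name}: masking needs the MASK attribute (general)")
    missing, extra = REQUIRED[d.purpose] - d.levels, d.levels - REQUIRED[d.purpose]
    if missing:
        findings.append(f"{d.name}: missing levels {sorted(missing)}")
    if extra:
        findings.append(f"{d.name}: levels not needed {sorted(extra)}")
    return findings
```

A partner class planned with UPDATE in its access levels is reported as carrying a level that CA XCOM Data Transport never checks, which is a prompt to trim the definition before it is added.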
Copyright © 2012 CA. All rights reserved.