CA Top Secret Cics Application File Control Facility Security Interface.

Document ID : KB000045166
Last Modified Date : 14/02/2018
Show Technical Document Details

 

Introduction: 

 
-We have this new CAFC software working on our cics regions. But, we need the TSS definitions to enable the CAFC master update functions.
 
  

Instructions: 

 

 

Please, follow the steps below to implement CAFC security with CA Top Secret:

 

 

1°) Define the $CAFC class to the Top Secret Resource Description Table (RDT). 
 
TSS ADD(RDT) RESCLASS($CAFC) RESCODE(xxx) ACLST(ALL,UPDATE=6000,READ,CONTROL,NONE) 
 
To make the thing as flexible as possible the RESCODE xxx should be choose between 101 and 13F hexadecimal value. 
The resource class will be a PIE, i.e. it will be maskable. 
UPDATE=6000 makes having UPDATE access implies READ access. 
 
E.g: Here it is what the RDT looks like when $CAFC has been defined: 
 
RESOURCE CLASS = $CAFC 
RESOURCE CODE = X'112
ATTRIBUTE = MASKABLE,MAXOWN(26),MAXPERMIT(044),ACCESS 
ACCESS = ALL(FFFF),UPDATE(6000),READ(4000),CONTROL(0400) 
ACCESS = NONE(0000)
DEFACC = NONE 
 
2°) Define to CA Top Secret the MASTER authorizations and give permissions: 
 
TSS ADD(owner#) $CAFC(MASTER.) 
 
TSS PER(acid#) $CAFC(MASTER.cicsapplid) ACCESS(xxx) 
 
Owner# could be a department, division, zone acid.
acid# could be a profile, user acid. 
 
3°) Define to CA Top Secret the USER authorizations and give permissions:
 
TSS ADD(owner#) $CAFC(USER.)
 
TSS ADD(acid#) $CAFC(USER.cicsapplid.CAFCtype.name) ACCESS(xxxx)
 
CAFCtype Description:
 
DDN..........DDNAME records
DBD..........Database Definition records 
APL...........Application DDNAME records
TXN...........Application Transaction records
GRP...........Group records
MSG..........Message records
TAB...........RDO records
 
Owner# could be a department, division, zone acid.
acid# could be a profile, user acid. 
 
4°) Define to TSS the OPER authorizations and give permissions:
 
TSS ADD(owner#) $CAFC(OPER.)
 
TSS PER(acid#) $CAFC(OPER.cicsapplid.CAFCtype.name) ACCESS(xxxx)
 
CAFC Operation.....TSS Access xxxx
Request................control
Edit......................update
Browse..................read
 
Owner# could be a department, division, zone acid.
acid# could be a profile, user acid.
 

 

Additional Information: 

 

The above commands are valid for both CA Top Secret for z/OS r15.0 and r16.0