How to implement Top Secret (TSS) as the security system for TPX?

Document ID : KB000024937
Last Modified Date : 14/02/2018

Introduction:

You can configure CA TPX to work with your security system, including the option of having the security system build the users' TPX menus.

Here are the steps required for setting up Top Secret (TSS) as the security system used for sign-on to TPX.

 

Instructions:

1. Specify "TOPS" in the "Security System" field of the SMRT - Security Parameters.

2. You can use the Security Action/Message Table (SAMT) to customize the response of TPX to messages produced by CA Top Secret. (optional)

3. You can use the Top Secret (TSS) interface to specify how TPX determines profiles for dynamic users. (optional)

  • "Dynamic users" are users who are not maintained by TPX administration. Their profiles are not determined by records in the ADMIN files, but instead are determined when the dynamic user logs on.
  • If you specify Save Dynamic Users, newly built dynamic users are saved to the User file (ADMIN2) at sign-on to TPX. The user can then perform self-maintenance in TPX Administration, and those changes are saved from one session to the next. Security will still be queried to build their TPX menu every time that they sign on.
  • Use SMRT System Features to allow dynamic users and saved dynamic users, and to specify the default dynamic user profile:
                 TPX System Options Table Detail Panel

    Panelid - TEN0105    Userid - USERX02    Terminal - A55TU078
    Command ===>
    System Options Table: SMRTTEST    Date - 12/08/08    Time - 11:09:30

    System Features
    ---------------
    * ACCESS:                               MULTIPLE (Multiple, Single, Pass)
    * Affinity:                             N
    * Activate NetSpy Interface:            N
      Activate TCPaccess Telnet Interface:  Y
    * Activate OfficeVision Interface:      N
    * Reconnect after PASS session:         Y
    * Release Terminal upon Request:        N
    * Dynamic Users Allowed:                Y
    * Save Dynamic Users:                   Y
    * Default Dynamic User Profile:         #DEFAULT
    * Notify Users when being VIEWed:       N
    * Show Userid as "*" in Display List:   N
    * Maximum number of Queued VIEW Msgs:   99

    * Can be updated dynamically using the TPX Operator Reload Command
  • If not using security to determine profiles, use the customer-written TPXUSNSF exit.

 

4. Define to TPX all profiles to be used.

Here are two methods for defining profile selection:

A) USER-LEVEL PROFILE SELECTION

1) Specify "Y" in the "Load profiles at startup" field of the SMRT (Performance Parameters).

2) Specify "USER" in the "Profile Selection" field of the SMRT (Performance Parameters).

3) PERMIT each profile to a Top Secret profile.

4) PERMIT the Top Secret profile to each user's security record.

For each profile name, a Top Secret profile with a matching name will be added to the user's profile list.

B) PROFILE-LEVEL PROFILE SELECTION

1) Specify "Y" in the "Load profiles at startup" field of the SMRT (Performance Parameters).

2) Set up a new class in the Top Secret Resource Descriptor table (RDT)  

Note: If you encounter problems when using international languages, it can be best to avoid special characters in the class name. Use CATPX instead of CA$TPX.

- Define Resource Class CA$TPX to TOP SECRET:

TSS ADD(RDT) RESCLASS(CA$TPX) ATTR(NOMASK,PRIVPGM,DEFPROT,NONGEN,SHORT) ACLST(NONE,READ) DEFACC(NONE)

- Define CA$TPX Resource to TOP SECRET:

TSS ADD(owningacid) CA$TPX(profname)

- Authorize CA$TPX Resource to Acid:

TSS PER(acid) CA$TPX(profname) ACC(READ)

3) Activate the class to TPX by specifying its name in the "Resource Class" field of the SMRT (Security Parameters).

4) Set up each profile in the class, specifying which users can use that profile.

5) Indicate which profile should appear first in the user's list of profiles by entering "Y" in the "Profile Should be First" field of the profile.

(The field is in Profile Maintenance, under User/Group Maintenance.)

 

NOTES:

  • The TPXUSNSF exit can be used to add profiles to or delete profiles from the list provided by the security system.
  • Samplib TPXUTOPS is designed to do its own security calls to build the user profile, so it can be incompatible with the above.

 

Example of PROFILE-LEVEL PROFILE SELECTION

TPX SMRT:

  Security Parameters 
  ------------------- 
  * Security System:           TOPS       * Profile Selection:         PROF 
  * Alias Name:                           * Resource Class:            CA$TPX   
  Performance Parameters
  ----------------------
  ...
  Load profiles at startup:    Y

TOP SECRET:

Define Resource Class CA$TPX to TOP SECRET:

TSS ADD(RDT) RESCLASS(CA$TPX) ATTR(NOMASK,PRIVPGM,DEFPROT,NONGEN,SHORT) ACLST(NONE,READ) DEFACC(NONE)

Define CA$TPX Resource to TOP SECRET:

TSS ADD(owningacid) CA$TPX(profname)

Authorize CA$TPX Resource to Acid:

TSS PER(acid) CA$TPX(profname) ACC(READ)
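
The three Top Secret commands above, generated for several profiles and users at once and emitted in the order they have to run. This is an added example, not CA code: the class name CATPX follows the note under method B, while the owning ACID TPXDEPT, the profile names, the user ACIDs and the 1-8 character name rules are assumptions made for illustration.

```python
import re

# Assumption: names are 1-8 characters. The class name is held to A-Z and 0-9,
# following the page's note on special characters; profile and ACID names may
# also contain $, # and @ (the page's own default profile is #DEFAULT).
CLASS_NAME = re.compile(r"^[A-Z][A-Z0-9]{0,7}$")
OTHER_NAME = re.compile(r"^[A-Z0-9$#@]{1,8}$")
RDT_ATTRS = "ATTR(NOMASK,PRIVPGM,DEFPROT,NONGEN,SHORT) ACLST(NONE,READ) DEFACC(NONE)"


def check(kind, value, pattern=OTHER_NAME):
    """Reject a name that would produce a malformed or fragile TSS command."""
    if not pattern.match(value):
        raise ValueError(f"invalid {kind}: {value!r}")
    return value


def build_tss_commands(resclass, owner, grants):
    """Return the method B commands in run order: class, ownership, permits.

    grants maps each TPX profile name to the ACIDs allowed to use it.
    """
    check("resource class", resclass, CLASS_NAME)
    check("owning ACID", owner)
    defines = [f"TSS ADD(RDT) RESCLASS({resclass}) {RDT_ATTRS}"]
    permits = []
    for profile in sorted(grants):
        check("profile", profile)
        # Ownership must exist before the resource can be permitted.
        defines.append(f"TSS ADD({owner}) {resclass}({profile})")
        for acid in sorted(set(grants[profile])):  # drop duplicate grants
            check("ACID", acid)
            permits.append(f"TSS PER({acid}) {resclass}({profile}) ACC(READ)")
    return defines + permits


# Constructed sample input: two TPX profiles and the ACIDs permitted to each.
SAMPLE_GRANTS = {"PAYROLL": ["USER01", "USER02"], "OPER": ["USER02", "USER02"]}

if __name__ == "__main__":
    for command in build_tss_commands("CATPX", "TPXDEPT", SAMPLE_GRANTS):
        print(command)
```

Because the class is defined with DEFPROT and DEFACC(NONE), only the ACIDs listed in the mapping receive READ access to a profile; every other user is denied by default.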


Additional Information:

CA-Top Secret must be completely operational before CA-TPX is started.

CA-Top Secret can issue the TPX START command.

CA TPX 5.4 Programming Guide: How To Customize Security

CA TPX 5.4 Programming Guide: Additional Security Options