How to set up Top Secret (CA TSS) definitions when implementing PassTickets with IDMS

Document ID : KB000044128
Last Modified Date : 14/02/2018

Question:

Using PassTickets to access an IDMS CV system requires these definitional components:

· Top Secret security definitions
· Information defined in the IDMS security type table (SRTT)

The major components used in this process are the user id, the application id, the system id of the CV, the session key, and the resource class.

Answer:

Note: All of the following definitions are examples and can vary by installation, for instance if the session key is encrypted instead of masked. Other parameters can be selected for auditing, performance and other installation-specific needs.

Follow these steps:

1. Create entries in the SRTT and issue supporting Top Secret commands to secure system signon externally.
Note: For more information, see the Knowledge Base article TEC465148, "Security definition for TASK Codes in IDMS Central Version".

2. Define the resource class PTKTDATA:

TSS ADDTO(RDT) RESCLASS(PTKTDATA) ACLIST(ALL,READ,UPDATE) MAXLEN(37)

 

3. Add IDMSDEPT department ownership for resources of class PTKTDATA:

 

TSS ADDTO(IDMSDEPT) PTKTDATA(IRRPTAUTH)

 

4. Add a session key for each applid (PSTKAPPL):

 

TSS ADDTO(NDT) PSTKAPPL(IDMSSY73) SESSKEY(0123456789ABCDEF)

TSS ADDTO(NDT) PSTKAPPL(IDMSSY74) SESSKEY(ABCDEF0123456789)

 

5. Add permission for JOHN_SMITH to generate and use a PassTicket for SYSTEM 73:

 

TSS PERMIT(JOHN_SMITH) PTKTDATA(IRRPTAUTH.IDMSSY73.JOHN_SMITH) ACCESS(READ,UPDATE)
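
Because the commands in steps 2 to 5 are examples, including the session keys, a site can check its own definitions before they are issued. The following Python sketch is an added example, not part of the original article or of any CA tooling. It checks the key format shown in step 4, rejects the keys printed above, and cross-checks each PERMIT against the defined applids and MAXLEN. The faulty lines in SAMPLE are constructed, and flagging a PERMIT whose ACID differs from the user qualifier is an assumed review heuristic, not a Top Secret rule.

```python
import re

# Constructed input: the article's step 2-5 commands, with one session key
# shortened and one extra PERMIT added to show what the checks catch.
SAMPLE = """\
TSS ADDTO(RDT) RESCLASS(PTKTDATA) ACLIST(ALL,READ,UPDATE) MAXLEN(37)
TSS ADDTO(IDMSDEPT) PTKTDATA(IRRPTAUTH)
TSS ADDTO(NDT) PSTKAPPL(IDMSSY73) SESSKEY(0123456789ABCDEF)
TSS ADDTO(NDT) PSTKAPPL(IDMSSY74) SESSKEY(ABCDEF012345678)
TSS PERMIT(JOHN_SMITH) PTKTDATA(IRRPTAUTH.IDMSSY73.JOHN_SMITH) ACCESS(READ,UPDATE)
TSS PERMIT(JOHN_SMITH) PTKTDATA(IRRPTAUTH.IDMSSY75.JANE_DOE) ACCESS(READ,UPDATE)
"""
# Keys printed in the article are public, so they must not reach a live NDT.
PUBLISHED_KEYS = {"0123456789ABCDEF", "ABCDEF0123456789"}

def operands(command):
    """Return {KEYWORD: value} for every KEYWORD(value) operand of a command."""
    return dict(re.findall(r"(\w+)\(([^)]*)\)", command))

def lint(text):
    """Return review findings for a set of TSS PassTicket definitions."""
    cmds = [operands(ln) for ln in text.splitlines() if ln.strip().startswith("TSS ")]
    findings, applids, maxlen = [], set(), None
    for op in cmds:  # pass 1: resource class definition and session keys
        if op.get("RESCLASS") == "PTKTDATA" and "MAXLEN" in op:
            maxlen = int(op["MAXLEN"])
        if "PSTKAPPL" in op:
            applid, key = op["PSTKAPPL"], op.get("SESSKEY", "").upper()
            applids.add(applid)
            if not re.fullmatch(r"[0-9A-F]{16}", key):
                findings.append(f"{applid}: SESSKEY is not 16 hex digits")
            elif key in PUBLISHED_KEYS:
                findings.append(f"{applid}: SESSKEY is a sample value published in documentation")
    for op in (c for c in cmds if "PERMIT" in c and "PTKTDATA" in c):  # pass 2
        res, acid = op["PTKTDATA"], op["PERMIT"]
        parts = res.split(".")
        if len(parts) != 3 or parts[0] != "IRRPTAUTH":
            findings.append(f"{res}: expected IRRPTAUTH.applid.userid")
            continue
        if parts[1] not in applids:
            findings.append(f"{res}: no PSTKAPPL session key defined for {parts[1]}")
        if parts[2] != acid:  # assumed heuristic: cross-user grants get a second look
            findings.append(f"{res}: {acid} can generate tickets for {parts[2]}, review")
        if maxlen is not None and len(res) > maxlen:
            findings.append(f"{res}: longer than MAXLEN({maxlen})")
    return findings

if __name__ == "__main__":
    print("\n".join(lint(SAMPLE)))
```
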

Additional Information:

IDMS 18.5 Release Notes (2nd Edition), Chapter 4, PassTicket Support

 

IDMS 18.5 Security Administration Guide, Chapter 4: Using External Security, subsection “Optionally Defining PassTickets”