IBM HIS security setup for CA Top Secret.
CA Top Secret HIS Security Configuration
1. Create the HIS CA Top Secret FACILITY called 'HIS'.
To create a new FACILITY in your CA Top Secret TSSPARM file, rename an unused existing USERxx FACILITY entry to your desired FACILITY name. The new FACILITY can be defined dynamically via a TSS MODIFY (FAC(USERxx=NAME=newfacilityname)).
In order to make this change permanent, update the CA Top Secret Control Options File with the same statements entered via the TSS MODIFY command.
Other default FACILITY attributes may also be modified at this time.
* It is recommended that the NORES attribute be changed to RES for the FACILITY via TSS MODIFY FAC(facilityname=RES)
* Ensure that the mode is set properly via the FACILITY MODE Control Option: TSS MODIFY FAC(facilityname=MODE=mode)
* Check your existing FACILITYs and compare them to your newly created FACILITY to help ensure you are conforming to your site-specific security requirements.
2. Create the HIS started task acid with the CA Top Secret Bypass Attributes and valid OMVS segment.
TSS CREATE(HIS) NAME('HIS Started Task') TYPE(USER) DEPT(some_dept)
TSS ADDTO(HIS) NODSNCHK NOVOLCHK NOLCFCHK NOSUBCHK NORESCHK
TSS ADDTO(HIS) UID(12)
TSS ADDTO(HIS) DFLTGRP(OMVSGRP)
TSS ADDTO(HIS) GROUP(OMVSGRP)
TSS ADDTO(HIS) HOME(/u/users/his)
TSS ADDTO(HIS) OMVSPGM(/bin/sh)
* Substitute 'OMVSGRP' with the OMVS GROUP acid of your choosing.
* Substitute '12' with your desired UID.
3. Assign the FACILITY to the started task acid HIS and authorize it to the required FACILITIES:
TSS ADD(HIS) MASTFAC(HISFAC)
TSS ADD(HIS) FAC(HISFAC)
TSS ADDTO(HIS) FACILITY(STC)
4. Assign HIS acid to the HIS started task.
TSS ADD(STC) PROCN(HISTC) ACID(HIS)
* Substitute 'HISTC' with the procname of your HIS started task.
5. Authorize the HIS acid to the OMVS file system and load libraries.
TSS PERMIT(HIS) DSNAME(OMVS.USER.HFS) ACCESS(ALL)
TSS PERMIT(HIS) DSNAME(LOAD.LIB) ACCESS(READ)
* Substitute 'OMVS.USER.HFS' with your USS file system dataset name.
* Substitute 'LOAD.LIB' with all load libraries accessed by the HIS started task.
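A pre-run review of the command list above, as an added example (not part of the original article or of CA Top Secret): it flags values the article says to substitute, the bypass attributes granted, ACCESS(ALL) permits, UID(0), and a MASTFAC without the FAC grant the article pairs it with. The function name, the finding wording and the choice of checks are assumptions made for this example.

```python
import re

# Values the article marks for substitution (HISTC/OMVSGRP omitted: plausible real names).
PLACEHOLDERS = {"some_dept", "OMVS.USER.HFS", "LOAD.LIB"}
# Bypass attributes granted to the HIS acid in step 2 of the article.
BYPASS = {"NODSNCHK", "NOVOLCHK", "NOLCFCHK", "NOSUBCHK", "NORESCHK"}
# KEYWORD(value) operands; value is a quoted string or contains no parentheses.
OPERAND = re.compile(r"([A-Za-z]+)\(('[^']*'|[^()]*)\)")

def review(script):
    """Return a list of (line_number, finding) for a TSS command script."""
    findings, mastfac, facs = [], None, set()
    for no, raw in enumerate(script.splitlines(), 1):
        line = raw.strip()
        if not line.upper().startswith("TSS "):
            continue
        ops = [(k.upper(), v.strip()) for k, v in OPERAND.findall(line)]
        for key, val in ops:
            if val in PLACEHOLDERS:
                findings.append((no, f"placeholder not substituted: {val}"))
            if key == "UID" and val.isdigit() and int(val) == 0:
                findings.append((no, "UID(0) gives the acid superuser authority"))
            if key == "ACCESS" and val.upper() == "ALL":
                findings.append((no, "ACCESS(ALL): confirm the data set scope"))
            if key == "MASTFAC":
                mastfac = val
            if key in ("FAC", "FACILITY"):
                facs.add(val)
        granted = sorted(BYPASS & set(line.upper().split()))
        if granted:
            findings.append((no, "bypass attributes: " + " ".join(granted)))
    # Line 0 marks a script-wide finding rather than one tied to a single command.
    if mastfac and mastfac not in facs:
        findings.append((0, f"MASTFAC({mastfac}) has no matching FAC() grant"))
    return findings

# The article's own commands, unsubstituted, used here as input.
SAMPLE = """\
TSS CREATE(HIS) NAME('HIS Started Task') TYPE(USER) DEPT(some_dept)
TSS ADDTO(HIS) NODSNCHK NOVOLCHK NOLCFCHK NOSUBCHK NORESCHK
TSS ADDTO(HIS) UID(12)
TSS ADD(HIS) MASTFAC(HISFAC)
TSS ADD(HIS) FAC(HISFAC)
TSS PERMIT(HIS) DSNAME(OMVS.USER.HFS) ACCESS(ALL)
TSS PERMIT(HIS) DSNAME(LOAD.LIB) ACCESS(READ)
"""

if __name__ == "__main__":
    for no, finding in review(SAMPLE):
        print(f"line {no}: {finding}")
```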