Permit mode question

Document ID : KB000033692
Last Modified Date : 14/02/2018
Show Technical Document Details

Introduction: 

We want to issue a TSS PERMIT for CA View reports with ACCESS(NONE) and MODE(WARN) so access could continue while I contact the users and have them request approval.

 

 

Instructions: 

 

There is no way to code a rule in WARN mode, ie ACTION(WARN) is not valid on a TSS PERMIT command. (Only ACTION(FAIL) is valid.)

In FAIL mode, once the resource is defined to CA Top Secret or the DEFPROT attribute is set on the resource class, a user must be explicitly permitted to access to the resource. 

 

For this situation, the following action is recommended: 

 
TSS PER(ALL) class(SpecificResource) ACCESS(ALL) ACTION(AUDIT) 
 
and run TSSUTIL report:
 
REPORT EVENT(AUDTA) class(Report) END 

 

Additional Information:

Refer to the CA Top Secret Command Functions Guide and CA Top Secret User Guide for information regarding the TSS PERMIT command.

Refer to the CA Top Secret Report & Tracking Guide for information regarding the TSSUTIL utility.