UID Security

Document ID : KB000027214
Last Modified Date : 14/02/2018
Show Technical Document Details

Question:

Can CA 7 handle security at the job level?

Answer:

Yes.  UID security can be used with CA 7 to control what jobs can be accessed and by whom.

CA 7 UID, user security identification, can be used to control which users have access to which jobs. The UID can be found on the database (DB.1) job definition panel. To use external security to implement UID security controls, you need to perform the following steps:

  1. Decide if you wish to use the default UID table, SASSRTBL, or create a site-specific UID table. The source for SASSRTBL may be found in the CAISRC library and may be used as a model should you wish to build your own table. User Mod UL2Bx09 may be used to update the CA 7 SMP/E environment (x is release dependent and is 0 for r11, or 1 for r11.1)

  2. Add the keyword UID=aaaaaaa on the SECURITY statement in the init file, where aaaaaaaa is SASSRTBL for the default module or the name of the module you created).

  3. Authorize, through your external security package, user IDs to have access to resource names in the SASSRTBL (or site-specific module) that correlate to the UID value. This occurs under the PANEL resource class, or another class as defined by the RCLASS keyword.

  4. Put the resource name a user is permitted to use in the user's profile via the /PROFS command (see the CA 7 Commands Reference Guide for details).

  5. Ensure that a UID value is associated with each job through the job definition screen. This value will be used to determine which users have access to the job.

How it works:

When a user logs into CA 7, the user's profile is examined for the UID resource name (added via the /PROFS command). A security call is made to ensure the user has access to that UID resource. The UID resource is then resolved into a UID number from the SASSRTBL (or site-specific module). For example: if you give USER1 the profile resource of CA70001, then when USER1 logs on to CA 7, a call is made to external security to see if they have access to the resource of CA70001. If they do, then their UID value is set as 001, meaning that they can only access jobs with a UID value on the job definition screen of 1 or 0.

Without a UID= on the SECURITY statement, your internal security module is checked to see if the USERID is in it and if so, if it has a UID value, that value will be used. If you have assigned COIDs, you will continue to use your USER= module for this purpose.

Additional Information:

See the discussion of UID in the CA 7 Security Reference Guide and in the CA 7 Database Maintenance Guide discussion of the DB.1 (JOB) screen UID field.

As always, please contact CA Technologies support for CA 7 if you have further questions.

File Attachments:
TEC433608.zip