The following steps are required to set up CA-Top Secret with general applications:
1) If users signon to this application, define a facility in CA-Top Secret for the application. To define a facility, add the following statements to the CA-Top Secret Parameter File:
Where 'USERnn' is one of the user defined facilities (ie USER20) 'name' is what you want the facility called 'xxx' is the first 3 characters of the program that starts the started task.
Any other facility control option (ie MODE, etc) can be modified from the default if desired.
2) Create a region acid for the started task.
TSS CRE(acid) TYPE(USER) DEPT(dept) PASS(xxxx,0) NAME('application region acid') FAC(STC)
This acid will need access to any resources accessed at startup.
(NOTE: In CA-Top Secret, it is recommended that all region acids be given a password and OPTIONS(4) be set in the CA-Top Secret parameter file to prevent the password prompt when the started task is started.)
3) Add a MASTFAC of the facility in step 1 to the region acid created in step 2. Also, if this is a multi user address space and jobs are going to be submitted from this application, the region acid will either need the NOSUBCHK attribute or must be cross authorized to all the acids that jobs submitted from this application will run under.
TSS ADD(acid) MASTFAC(name)
TSS ADD(acid) NOSUBCHK or
TSS PER(acid) ACID(acid2,acid3,acid4) where 'acid2,acid3,acid4'
is the list of acids that jobs submitted from the application will run under.
4) Define the proc to the CA-Top Secret started task table with the region acid created in step 2.
TSS ADD(STC) PROCNAME(proc) ACID(acid)
5) Authorize users to use the facility.
TSS ADD(acid) FAC(name)
6) Whatever needs to be done in the application to activate external security.