Step 3.1 Control-O Security Definitions
Step 3.2 Function Security Definitions
Step 3.3 Control Program Access to Datasets
Step 3.4 Define CTO to TopSecret Facility Matrix
Select these steps to edit members CTOSTSS2, CTOSTSS3, CTOSTSS4, and CTOSTSS5.
Perform the following steps to define the required permissions.
The Control‑O monitor must be defined in the TopSecret Facility Matrix. The CTOSTSS2 member in the IOA INSTWORK library contains the necessary command to dynamically define Control‑O in the TopSecret Facility Matrix.
TSS MODIFY FAC(USER4=NAME=CTO)
This command defines Control‑O in the Facility Matrix until the next IPL.
TSS CRE(CONTROLO) NAME (...) DEPT(sec-administrator-dept)
TSS ADD(STC) PROC(CONTROLO) ACID(CONTROLO)
Authorizations to access Control‑O datasets are defined during the Control‑O installation process. This step must be completed before proceeding with security implementation. For information about how to grant users access to Control‑O datasets, see the Control‑O chapter of the INCONTROL for z/OS Installation Guide: Installing.
TSS ADD(CTO) PROF (profile-name)
For information about entities and user authorizations, see Control-O Basic Definition Security Calls and Control-O Extended Definition Security Calls.
TSS ADD(sec-administrator-dept) IBMFAC($$CTO)
For samples of user authorizations, review member CTOSTSS3 in the IOA INSTWORK library.
All entity names for each Control‑O protected element appear in Control-O Basic Definition Security Calls for Basic Definition mode and in Control-O Extended Definition Security Calls for Extended Definition mode.
TSS PERMIT(USERA) IBMFAC($$CTOEDM.qname) ACC(READ)
Do not define the $$CTOEDM entity to operate in warning mode because this causes all users to operate in Extended Definition mode.
TSS ADD(USERA) IBMFAC($$CTO)
TSS PERMIT(USERA) IBMFAC($$CTO) ACC(READ)
This job must be run under the ACID of the general security administrator (SCA) who has authorization to enter these TopSecret commands.
All job steps must end with a condition code of 0.
Parent Topic |