Step 3.1 ControlM/Tape Security Definitions (Optional)
Select this step to edit the CTTSTSS2 member in the IOA INSTWORK library.
For information about how to define Control‑M/Tape entities and user authorizations to TopSecret, see Control-M/Tape Basic Definition Security Calls and Control-M/Tape Extended Definition Security Calls.
TSS ADD(sec-administrator-dept) IBMFAC($$CTT)
Set the sec-administrator-dept parameter to the appropriate value.
All entity names for each Control‑M/Tape protected element appear in Control-M/Tape Basic Definition Security Calls for Basic Definition mode and Control-M/Tape Extended Definition Security Calls for Extended Definition mode.
Authorizations to access Control‑M/Tape datasets are defined during the Control‑M/Tape installation process. This step must be completed before proceeding with security implementation. For details on how to grant users access to Control‑M/Tape datasets, see the INCONTROL for z/OS Installation Guide: Installing.
TSS PERMIT(USERA) IBMFAC($$CTTEDM.qname) ACC(READ)
Set the USERA parameter to the user ID of the Control‑M/Tape installer.
Do not define the $$CTTEDM entity to operate in warning mode since this causes all users to operate in Extended Definition mode.
TSS PERMIT(USERA) IBMFAC($$CTT) ACC(READ)
Set the USERA parameter to the user ID of the Control‑M/Tape installer.
This job must be run under the ACID of the general security administrator (SCA) who is authorized to enter these TopSecret commands.
All job steps must end with a condition code of 0.
Step 3.2 Functions Security Definitions (Optional)
Select this step to edit the CTTSTSS3 member in the IOA INSTWORK library. This member contains definition samples for the various Control‑M/Tape entities. Modify the definitions according to the requirements of the site and submit the job.
Step 3.3 Control Program Access to Datasets (Optional)
Select this step to edit the CTTSTSS4 member in the IOA INSTWORK library. This member contains a sample of the definitions required to define Program Pathing access authorizations to Control‑M/Tape datasets. Review the definitions and modify to meet the requirements of your site.
WARNING: BMC recommends that the security administrator first read Limiting Access to Specific Programs.
Parent Topic |