Step 3. TopSecret Security Definition Samples

Step 3.1 Control‑M/Tape Security Definitions (Optional)

Select this step to edit the CTTSTSS2 member in the IOA INSTWORK library.

  1. Define entities and user authorizations to TopSecret.

    For information about how to define Control‑M/Tape entities and user authorizations to TopSecret, see Control-M/Tape Basic Definition Security Calls and Control-M/Tape Extended Definition Security Calls.

    1. Use the following command to add the resources to TopSecret:

      TSS ADD(sec-administrator-dept) IBMFAC($$CTT)

      Set the sec-administrator-dept parameter to the appropriate value.

      All entity names for each Control‑M/Tape protected element appear in Control-M/Tape Basic Definition Security Calls for Basic Definition mode and Control-M/Tape Extended Definition Security Calls for Extended Definition mode.

  2. Associate users with Extended Definition Modes.

    Authorizations to access Control‑M/Tape datasets are defined during the Control‑M/Tape installation process. This step must be completed before proceeding with security implementation. For details on how to grant users access to Control‑M/Tape datasets, see the INCONTROL for z/OS Installation Guide: Installing.

    1. Add the following TopSecret commands to define the $$CTTEDM entity to TopSecret, and authorize users to this entity:

      TSS PERMIT(USERA) IBMFAC($$CTTEDM.qname) ACC(READ)

      Set the USERA parameter to the user ID of the Control‑M/Tape installer.

    Do not define the $$CTTEDM entity to operate in warning mode, because this causes all users to operate in Extended Definition mode.

  3. Authorize the Control‑M/Tape installer to use Control‑M/Tape facilities.
    1. Customize the following command to authorize USERA to Control‑M/Tape facilities:

      TSS PERMIT(USERA) IBMFAC($$CTT) ACC(READ)

      Set the USERA parameter to the user ID of the Control‑M/Tape installer.

  4. Submit the job.

    This job must be run under the ACID of the general security administrator (SCA) who is authorized to enter these TopSecret commands.

    All job steps must end with a condition code of 0.
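
Before submitting the job, the edited member can be checked for leftover placeholders and for permits broader than the samples above. The following Python check is an added example, not part of the BMC documentation or the shipped member; the function name `lint_member`, the sample ACIDs and the sample member text are constructed for illustration, and the treatment of `PERMIT(ALL)` is an assumption noted in the code.

```python
import re

# Placeholders from the sample commands on this page; each must be replaced.
PLACEHOLDER_ACIDS = {"USERA", "SEC-ADMINISTRATOR-DEPT"}
TSS_RE = re.compile(
    r"^\s*TSS\s+(?P<verb>ADD|PERMIT)\((?P<acid>[^)]+)\)\s+"
    r"IBMFAC\((?P<res>[^)]+)\)(?:\s+ACC\((?P<acc>[^)]+)\))?",
    re.IGNORECASE,
)

def lint_member(text):
    """Return (line_number, finding) pairs for the TSS commands in text."""
    findings = []
    for num, line in enumerate(text.splitlines(), start=1):
        m = TSS_RE.match(line)
        if not m:
            continue  # JCL statements and other commands are not checked
        verb = m["verb"].upper()
        acid = m["acid"].strip().upper()
        res = m["res"].strip().upper()
        acc = (m["acc"] or "").strip().upper()
        if acid in PLACEHOLDER_ACIDS:
            findings.append((num, f"placeholder ACID {acid} not replaced"))
        if res.endswith(".QNAME"):
            findings.append((num, "placeholder qname not replaced"))
        if not res.startswith("$$CTT"):
            continue
        if verb == "PERMIT" and acc and acc != "READ":
            findings.append((num, f"ACC({acc}) differs from the sample ACC(READ)"))
        # Assumption: a permit on the TopSecret ALL record reaches every
        # user, so it would put everyone in Extended Definition mode.
        if verb == "PERMIT" and acid == "ALL" and res.startswith("$$CTTEDM"):
            findings.append((num, "$$CTTEDM permitted to ALL"))
    return findings

# Constructed sample member content (not the shipped CTTSTSS2 member).
SAMPLE = """\
//* constructed JCL comment line, ignored by the check
 TSS ADD(SECDEPT) IBMFAC($$CTT)
 TSS PERMIT(USERA) IBMFAC($$CTTEDM.qname) ACC(READ)
 TSS PERMIT(ALL) IBMFAC($$CTTEDM.PROD) ACC(READ)
 TSS PERMIT(TAPEADM) IBMFAC($$CTT) ACC(ALL)
"""

if __name__ == "__main__":
    for num, finding in lint_member(SAMPLE):
        print(f"line {num}: {finding}")
```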

Step 3.2 Functions Security Definitions (Optional)

Select this step to edit the CTTSTSS3 member in the IOA INSTWORK library. This member contains definition samples for the various Control‑M/Tape entities. Modify the definitions according to the requirements of the site and submit the job.

Step 3.3 Control Program Access to Datasets (Optional)

Select this step to edit the CTTSTSS4 member in the IOA INSTWORK library. This member contains a sample of the definitions required to define Program Pathing access authorizations to Control‑M/Tape datasets. Review the definitions and modify them to meet the requirements of your site.

WARNING: BMC recommends that the security administrator first read Limiting Access to Specific Programs.
