IOA security definition samples are found in the IOASTSS2 member of the IOA INSTWORK library. The IOASTSS2 member is created in the IOA INSTWORK library after selecting this step.
IOASTSS2 contains the command needed to dynamically define IOA in the TopSecret Facility Matrix.
TSS MODIFY FAC(USER1=NAME=IOA)
This command defines IOA in the Facility Matrix until the next IPL.
Change the DEPT parameter value from the security administrator department placeholder (sec-administrator-dept) to the appropriate ACID:
TSS CRE(IOA) NAME (...) DEPT(sec-administrator-dept)
Change the ACID definition in the following commands to the appropriate ACID:
TSS ADD(STC) PROC(IOAOMON1) ACID(IOA)
TSS ADD(STC) PROC(IOAVMON) ACID(IOA)
TSS ADD(IOA) PROF(profile-name)
IOAOMON must be authorized to any datasets that are accessed by online users.
TSS ADD(usera) FAC(IOA)
For information about how to define IOA entities and user authorizations to TopSecret, see Basic Definition Security Calls and Extended Definition Security Calls.
Modify the following command to establish resource ownership in TopSecret to the appropriate owner:
TSS ADD(sec-administrator-dept) IBMFAC($$IOA)
For samples of user authorizations, review member IOASTSS3 in the IOA INSTWORK library.
All entity names for each IOA protected element appear in Basic Definition Security Calls for Basic Definition mode, and in Extended Definition Security Calls for Extended Definition mode.
Customize the following TopSecret command to establish Extended Definition mode for the IOA installer.
TSS PERMIT (USERA) IBMFAC($$IOAEDM.qname) ACC(READ)
Change USERA to the UID of the IOA installer.
When an IOA security module is customized to CONDitional mode without access to this entity, the user works in Basic Definition mode. With access, the user works in Extended Definition mode.
Do not define the $$IOAEDM entity to operate in warning mode since this causes all users to operate in Extended Definition mode.
TSS ADD(USERA) FACILITY(IOA)
TSS PERMIT(USERA) IBMFAC($$IOA) ACC(READ)
This job must be run under the ACID of the general security administrator (SCA) who has authorization to enter TopSecret commands.
All job steps must end with a condition code of zero.
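The following pre-submission check is an added example, not part of IOASTSS2 or the product. It scans a copy of the member for the sample values shown on this page (sec-administrator-dept, profile-name, usera/USERA, qname, and the elided NAME value) that were left uncustomized; the function name, the placeholder list, and the site values in the sample text are assumptions.

```python
import re

# Sample values used in this page's commands; each must be replaced with a
# site-specific value before the job runs (list assembled for this example).
PLACEHOLDERS = {"sec-administrator-dept", "profile-name", "usera", "qname", "..."}

# KEYWORD(value) operands, tolerating a blank before the parenthesis
# as in "TSS PERMIT (USERA)".
OPERAND = re.compile(r"([A-Za-z]+)\s*\(([^)]*)\)")


def unresolved(member_text):
    """Return (line number, keyword, token) for every placeholder still present."""
    findings = []
    for lineno, line in enumerate(member_text.splitlines(), 1):
        if not line.strip().upper().startswith("TSS "):
            continue  # JCL statements and comments are not checked
        for keyword, value in OPERAND.findall(line):
            # Check the whole operand value and its dot/equals/comma-separated
            # parts, so the qualifier in $$IOAEDM.qname is also examined.
            parts = {value.strip(), *re.split(r"[.=,]", value)}
            for part in sorted(parts):
                if part.strip().lower() in PLACEHOLDERS:
                    findings.append((lineno, keyword.upper(), part.strip()))
    return findings


# Constructed sample: the page's commands, partly customized with made-up
# site values ('IOA STC', SECDEPT) and partly left as shipped.
SAMPLE = """\
TSS MODIFY FAC(USER1=NAME=IOA)
TSS CRE(IOA) NAME('IOA STC') DEPT(sec-administrator-dept)
TSS ADD(STC) PROC(IOAOMON1) ACID(IOA)
TSS ADD(IOA) PROF(profile-name)
TSS ADD(SECDEPT) IBMFAC($$IOA)
TSS PERMIT (USERA) IBMFAC($$IOAEDM.qname) ACC(READ)
"""

if __name__ == "__main__":
    for lineno, keyword, token in unresolved(SAMPLE):
        print(f"line {lineno}: {keyword} still contains placeholder {token!r}")
```

An empty result means none of the listed sample values remain; it does not confirm that the substituted ACIDs, profiles, or qualifiers are the correct ones for the site.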