To define CTMAS security, edit the ECSSTSS2 member in the IOA INSTWORK library and customize it as follows.
CTMAS security uses the IOASE07 and IOASE32 IOA security modules, as well as the CTMSE08 Control‑M security module, when IOA and Control‑M security interfaces are installed. Therefore, to complete CTMAS security, only the required definitions are necessary.
TSS CRE (CTMAS) NAME (...) DEPT(sec‑administrator‑dept)
Change the ACID definition in the following command to the appropriate ACID:
TSS ADD(STC) PROC(CTMAS) ACID(CTMAS)
Authorizations to access IOA datasets are optionally defined during the IOA installation process. This step must be completed before proceeding with security implementation. For information about how to grant users access to IOA datasets, see the IOA Installation chapter of the INCONTROL for z/OS Installation Guide: Installing.
TSS ADD (CTMAS) PROF (profile‑name)
For information about how to define Control‑M/Enterprise Manager entities and user authorizations to TopSecret, see Basic Definition Security Calls, and Extended Definition Security Calls.
TSS ADD(sec‑administrator‑dept) IBMFAC($$ECS)
For samples of user authorizations, see member ECSSTSS3 in the IOA INSTWORK library.
All entity names for each CTMAS protected element are described in CTMAS Basic Definition Security Calls , for Basic Definition mode and in CTMAS Extended Definition Security Calls, for Extended Definition mode.
Customize the following command to authorize USERA access to the Online monitor:
TSS ADD(USERA) FACILITY(CTW)
Customize the following command to authorize the CTMAS installer to use CTMAS facilities:
TSS PERMIT(USERA) IBMFAC($$ECS) ACC(READ)
Submit the job and verify that all steps complete with a condition code of zero. Run this job under the ACID of the general security administrator (SCA) who has authorization to enter these TopSecret commands.
Parent Topic |