Step 1. Implement Control-M/Tape Security

Follow the steps below to implement Control‑M/Tape security.

Step 1.1 Grant Access Permissions

Collect the data you need to define the INCONTROL entities and user authorizations to the security product.

In ICE, run the steps "Control‑M/Tape Security Definitions (Sample)" and "Functions Security Definitions (Sample)" to create two sample jobs.

Step 1.2 Customize Security Parameters

Table 75 Control-M/Tape Security Parameters

Parameter	Description
DEFMCHKT	When choosing a definition mode as COND to any of the Control‑M/Tape security modules, use qname together with the value given to this parameter as the high level qualifier, to determine the real definition mode to be used.
DSNCSE03	This parameter determines whether to perform a dataset authorization check in the CTTSE03 security module. Valid values are: YES — Perform dataset authorization check. Default NO — Do not perform dataset authorization check
DSNCSE06	This parameter determines whether to perform a dataset authorization check in the CTTSE06 security module. Valid values are: YES — Perform dataset authorization check. Default NO — Do not perform dataset authorization check
SECTOLT	This parameter determines the action to perform if your security product is inactive or a specific resource is not defined to the security product. Valid values are: YES —- Perform the action NO — Do not perform the action
TBLPCHK	This parameter determines whether the BLP parameter is checked when using Basic Definition mode. Valid values are: YES — Check parameter BLP in Basic Definition mode NO — Do not check parameter BLP in Basic Definition mode. Default
TRULCHK	During rule loading by CTTINIT, this parameter determines whether the CTTSE01 module checks if the dataset names or masks specified in the ON DATASET statement can be used by the owner of the rule. Valid values are: YES — Perform an ON DATASET authority check during rule loading. NO — Do not perform an ON DATASET authority check during rule loading. Default.


	Note: This check cannot be performed for rules with ON DATASET set to *, because it is impossible to verify if the owner of the rule is allowed to use any dataset in the site. Instead, the GRANTTB table in the CTTSE01 source member lists all the rules that can use this dataset masking.
TCHKINVL	During CHECK-IN process check VOLSER or SLNAME.

Table 76 Mode Parameters

Parameter	Description
Mode Definition	Specify one of the following values to determine the definition mode for the Control‑M/Tape security modules: COND—Conditional Definition mode. Default. BASIC—Basic Definition mode. EXTEND—Extended Definition mode.
DFMT01	Definition mode for Control‑M/Tape security module CTTSE01.
DFMT03	Definition mode for Control‑M/Tape security module CTTSE03.
DFMT04	Definition mode for Control‑M/Tape security module CTTSE04.
DFMT06	Definition mode for Control‑M/Tape security module CTTSE06.
DFMT09	Definition mode for Control‑M/Tape security module CTTSE09.

Step 1.3 Save Security Parameters into Product

This step saves all the security parameters specified for Control‑M/Tape. When this step completes, the Status column is automatically updated to COMPLETE.

Parent Topic

Implementing Control-M/Tape Security