Limited supportBMC provides limited support for this version of the product. As a result, BMC no longer accepts comments in this space. If you encounter problems with the product version or the space, contact BMC Support.BMC recommends upgrading to the latest version of the product. To see documentation for that version, see BMC AMI Ops Infrastructure 7.1.

Setting up Computer Technologies CA Top Secret

If CA Top Secret is your primary ESM, you must perform the following procedures to support the Security interface:

  • Define a Facility Matrix entry for Security processing.
  • Authorize the CAS and PAS started tasks.
  • Add a SAF resource class (optional).
  • Define ownership of resources.

For complete information about administering CA Top Secret, refer to your CA Top Secret documentation.

Note

To access UNIX System Services data, the MainView for Unix System Services PAS must have superuser authority. The PAS requires that a user ID be defined to the security system (such as CA Top Secret) and assigned to the PAS STC by the security system’s facilities.

To define a Facility Matrix entry

  1. Select one of the unused, predefined USER facilities that are provided by CA Top Secret.

  2. Specify the required security attributes in the TSSPARMS data set where the selected USER facility is configured.The Following figure illustrates the required statements. In these statements, the names USER9 and RTCS are used as examples.

    FACILITY(USER9=NAME=RTCS)            * Required
    FACILITY(RTCS=PGM=BBM)               * Required
    FACILITY(RTCS=MULTIUSER)             * Required
    FACILITY(RTCS=NOIJU)                 * Required
    FACILITY(RTCS=NOABEND)               * Required
    FACILITY(RTCS=ACTIVE)                * Required
    FACILITY(RTCS=AUTHINIT)              * Required
    FACILITY(RTCS=NOEODINIT)             * Required
    FACILITY(RTCS=SIGN(M))               * Required
    FACILITY(RTCS=NONPWR)                * Required
    FACILITY(RTCS=NOTSOC)                * Required
    FACILITY(RTCS=NOPROMPT)              * Required
    FACILITY(RTCS=LOCKTIME=000)          * Required
    FACILITY(RTCS=RES)                   * Required
    FACILITY(RTCS=MAXUSER=500)           * Recommended
    FACILITY(RTCS=ASUBM)                 * Recommended
    FACILITY(RTCS=MODE=FAIL)             * Recommended
    FACILITY(RTCS=WARNPW)                * Recommended
    FACILITY(RTCS=DORMPW)                * Recommended
    FACILITY(RTCS=LUUPD)                 * Recommended
    FACILITY(RTCS=MSGLC)                 * Recommended
    FACILITY(RTCS=NORNDPW)               * Recommended
    FACILITY(RTCS=NOPROMPT)              * Recommended
    FACILITY(RTCS=SHRPRF)                * Recommended
    FACILITY(RTCS=PRFT=005)              * Recommended
    FACILITY(RTCS=LUMSG)                 * Recommended
    FACILITY(RTCS=STMSG)                 * Recommended
    FACILITY(RTCS=LCFTRANS)              * Recommended
    FACILITY(RTCS=XDEF)                  * Recommended

To authorize the CAS and PAS started tasks

  1. Define ACIDs for the CAS and each PAS and associate them with the Facility Matrix entry that was defined for MainView products.

    1. To define an ACID for the CAS, issue the following TSS CREATE command:

      TSS CREATE(BBMCAS) NAME('SYSA CAS') FACILITY(STC,BBI3)
         + PASSWORD(NOPW,0) DEPT(deptacid) MASTFAC(BBI3)

      In this example, BBMCAS is the ACID that is being defined for the CAS on SYSA. The name of the previously defined Facility Matrix entry is BBI3.

    2. To define an ACID for a PAS, issue the following TSS CREATE command:

      TSS CREATE(BBMPAS) NAME('SYSA PAS') +
           FACILITY(STC,BBI3)PASSWORD(NOPW,0) +
           DEPT(deptacid) MASTFAC(BBI3)
  2. Define the CAS and PAS as started tasks to CA Top Secret.

    1. To define the CAS procedure as a started task, issue the following TSS ADDTO command:

      TSS ADDTO(STC) PROC(BBICAS) ACID(BBMCAS)

      In this example, the CAS procedure called BBICAS is to use the previously defined ACID of BBMCAS.

    2. To define a PAS procedure as a started task, issue the following TSS ADDTO command:

      TSS ADDTO(STC) PROC(BBIPAS) ACID(BBMPAS)

To authorize users to the MainView Security facility

When users connect to a CAS or PAS, they must be authorized to the same facility as the MASTFAC that is associated with the ACID of the CAS or PAS. The following TSS ADDTO command illustrates the authorization that is needed for each user:TSS ADDTO(user_ID) FACILITY(BBI3)

In this example, BBI3 is the name of the Facility Matrix entry that was identified as the MASTFAC for the ACID of the CAS and PAS.

To avoid having to authorize each user's ACID, you could add the BBI3 facility to a department, division, or profile ACID, or even to ALL, as shown here:

TSS ADDTO(ALL) FACILITY(BBI3)

To add a SAF resource class (optional)

Note

  • If you are using the security class name FACILITY, you can skip this step. FACILITY is transformed internally by CA Top Secret to IBMFAC.
  • If you want to specify a security class other than FACILITY (as described in Identifying-the-security-class), you must update the CA Top Secret resource definition table (RDT) record.

Update the RDT by issuing the following TSS ADDTO command:TSS ADDTO(RDT) RESCLASS(class)+

RESCODE(3B)ATTR(PRIVPGM,LONG,GENERIC)+

ACLST(NONE,READ,UPDATE,ALL)+

DEFACC(NONE)

where class is a user-defined class name to be used by MainView Security.

Note

  • The RESCODE value shown here, X’3B’, is only an example. You must choose a two-digit hexadecimal resource code that:
    • Is within the range permitted by CA Top Secret
    • Does not conflict with any other user-defined resource class that has been added to the RDT
  • The LONG and GENERIC attributes are required.
  • The access levels that are shown (NONE, READ, UPDATE, ALL), and the default access level (NONE) are only examples. You can choose your own access level names and default access level.

To define ownership of resources

To define ownership of the 

MainView

 resource name prefix to CA Top Secret, issue the following TSS ADDTO command:TSS ADDTO(ownacid) class(BBM)

where

ownacid

is the CA Top Secret organizational ACID record

class

is the name of the SAF resource class that you are using for MainView resources

If you are using resource class FACILITY, specify the external name, IBMFAC.

BBM

is the high-level prefix of the MainView resource names that are to be owned in the specified resource class

Related topic

How-to-set-up-your-ESM-for-windows-mode

 

Tip: For faster searching, add an asterisk to the end of your partial query. Example: cert*