CA VM:Secure System and Resource Management
search cancel

CA VM:Secure System and Resource Management


Article ID: 10275


Updated On:


VM:Secure for z/VM


CA VM:Secure System and Resource Management


Release: VMSECR00400-3.2-VM:Secure


The CA VM:Secure rules facility provides additional security for managing access to your system and its resources:

  • Rules Facility
    The Rules Facility provides complete rule-based security control. For more information, see the Rules Facility.
  • Logon access control
    With the Rules Facility, CA VM:Secure monitors invalid logon attempts and records them by user ID and terminal address. When a threshold you specify for invalid attempts is reached, the user or terminal is denied system access.
  • Multiple layers of access control
    CA VM:Secure verifies logon passwords, but prevents a user ID or a terminal address from logging on if it has made too many invalid attempts at logging on. Even after a user ID is logged on, CA VM:Secure checks passwords before it processes most CA VM:Secure commands that user IDs can enter. Combined, these features provide several levels of control to your system.
    You determine the thresholds for access. For instance, you decide how many is too many invalid logon attempts for your system security needs. Additionally, you decide whether CA VM:Secure needs to check passwords before it processes commands that can affect your system resources.
  • Password management and standardization
    With CA VM:Secure, you can set systemwide standards that require users to change their system passwords on a set frequency. You can also set a minimum password length to make passwords more difficult to decipher, and deny password reuse so that old passwords are of no consequence should they become known to other users.
    User IDs with expired passwords must enter new passwords before they can complete a system logon. You can also configure CA VM:Secure so that users with expired passwords must have their directory managers reactivate their user IDs. This feature lets you easily spot inactive user IDs or user IDs that do not use the system often.
  • Delegated minidisk access control
    If you have installed the Rules Facility , users can specify who can link to their minidisks. CA VM:Secure can force users to enter their passwords to link to a minidisk owned by another user, or you can selectively allow links to occur without passwords.
  • Tape volume access control
    The CA VM:Secure interface to the CA VM:Tape product allows users to restrict who can access their tape volumes. You can add another level of tape security by configuring CA VM:Secure to require that users enter a password when they access a tape.