What users require the NOATS attribute?

Article ID: 118833

Updated On: 11-01-2018

Products

Top Secret, Top Secret - LDAP

Issue/Introduction

Do regular user ACIDs require NOATS? We see in the documentation that it is recommended for administrative ACIDs. What circumstances would allow a regular user ACID to sign on as a terminal?

Environment

Release:
Component: TSSMVS

Resolution

The CICS ATS (Automatic Terminal Signon) feature signs on a user automatically if no user is signed on at the terminal when a security check occurs.

CA Top Secret will attempt to find an ACID that matches the terminal ID. If it finds that ACID, it will sign that user on. These ACIDs must be defined when you choose to use ATS.

If that ACID has NOATS, it will not be used for ATS signon.

Unless you have a lot of ACIDs that match terminal ID names, NOATS is really not needed. If you don't use ATS, then you really don't need NOATS. You can use NOATS to disable ATS by adding it to all the ATS terminal ACIDs.


If someone were 'smart' enough to fudge the terminal ID definitions to create a terminal ID of 'T123' because he knows that a TSS admin ACID called 'T123' exists, ATS would sign on that ACID and he would be able to issue TSS commands. This is why NOATS is recommended for admin ACIDs. This tactic can be used against regular ACIDs also, so it is something to consider. But if I were a hacker, I would choose a user with powerful credentials and not a regular user. The hacker would need knowledge of CICS and CICS admin privileges to add or modify terminal definitions.
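
To find which ACIDs need NOATS, the check described above can be run over an ACID inventory. The following is an added example, not CA/Broadcom code: the CSV export format and sample rows are constructed, and it assumes CICS terminal IDs are 1 to 4 characters, so only ACIDs with names that short can match one.

```python
import csv
import io

MAX_TERMID_LEN = 4  # assumption: CICS terminal ids are 1-4 characters
ADMIN_TYPES = {"MSCA", "SCA", "LSCA", "ZCA", "VCA", "DCA"}  # TSS control ACID types

# Constructed sample inventory (hypothetical export format, not TSS LIST output).
SAMPLE_INVENTORY = """\
acid,type,attributes
T123,SCA,CONSOLE
SECADM01,SCA,
T124,USER,NOATS
L001,USER,
ADM1,VCA,NOATS
PAYROLL1,USER,
"""


def audit_noats(inventory_csv, ats_terminal_acids=()):
    """Return [(acid, severity)] for ACIDs ATS could sign on by terminal-id match.

    ats_terminal_acids: ACIDs deliberately defined for ATS; these are expected
    to lack NOATS and are not reported.
    """
    intended = {a.upper() for a in ats_terminal_acids}
    findings = []
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        acid = row["acid"].strip().upper()
        attrs = set((row["attributes"] or "").upper().split())
        if len(acid) > MAX_TERMID_LEN:
            continue  # name cannot equal a terminal id
        if "NOATS" in attrs or acid in intended:
            continue  # already excluded from ATS, or an intended ATS ACID
        severity = "HIGH" if row["type"].strip().upper() in ADMIN_TYPES else "REVIEW"
        findings.append((acid, severity))
    # Admin ACIDs first, then alphabetical.
    return sorted(findings, key=lambda f: (f[1] != "HIGH", f[0]))


if __name__ == "__main__":
    for acid, severity in audit_noats(SAMPLE_INVENTORY, ats_terminal_acids={"L001"}):
        print(f"{severity}: {acid} can match a terminal id and lacks NOATS")
```

ACIDs reported as HIGH are administrative ACIDs that should get NOATS first; REVIEW entries are regular ACIDs that are not among the intended ATS terminal ACIDs.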