Setup CA SYSVIEW with CA Top Secret

book

Article ID: 131151

calendar_today

Updated On:

Products

CA Top Secret CA Top Secret - LDAP

Issue/Introduction

Setting up CA Sysview with CA Top Secret.

Setting up SYSVIEW on LPAR. SYSVIEW documentaton has the following:

Required Access to New SAF Resource 
As part of migrating to the use of the GSVXSCFG DDname in the server address spaces, it became necessary to add additional security measures. These measures prevent unauthorized users from overriding configuration options. This release now requires that all of the CA SYSVIEW® Performance Management server address spaces have access to the following resource: 
ESM    SAF Class    SAF Entity    Access 
ACF2    SYSVIEW    SV.CREATE.SSID.<smfid>.<ssid>    READ 
RACF    FACILITY    SV.CREATE.SSID.<smfid>.<ssid>    READ 
TSS    CAGSVX    SV.CREATE.SSID.<smfid>.<ssid>    READ 
•    <smfid> is the SMF ID of the system where the server address space is executing. 
•    <ssid> is the Subsystem ID that was specified for the SSID= parameter during installation. The default SSID is GSVX. 
Optionally define the SAF Entity as a generic resource in your External Security Manager: 
SV.CREATE.SSID.* 
The server address spaces include: 
•    SYSVIEW Main Services Address Space (SYSVIEW) 
•    SYSVIEW User Interface Address Space (SYSVUSER) 
•    SYSVIEW Auxiliary Services Address Space (SYSVAUX) 
You should restrict update access to: 
•    The procedure library containing the startup JCL for any of the server address spaces 
•    The System Configuration data set pointed to by the GSVXSCFG DDname 

Environment

Release:
Component: TSSMVS

Resolution

TSS CAGSVX SV.CREATE.SSID.<smfid>.<ssid> READ 

converted to TSS would be: 

TSS ADD(owningacid) CAGSVX(SV) 

TSS PER(acid) CAGSVX(SV.CREATE.SSID.<smfid>.<ssid>) ACC(READ)