Setup CA SYSVIEW with CA Top Secret
Article ID: 131151
Updated On:
Products
Top Secret
Top Secret - LDAP
Issue/Introduction
Setting up CA Sysview with CA Top Secret.
Setting up SYSVIEW on LPAR. SYSVIEW documentaton has the following:
Required Access to New SAF Resource
As part of migrating to the use of the GSVXSCFG DDname in the server address spaces, it became necessary to add additional security measures. These measures prevent unauthorized users from overriding configuration options. This release now requires that all of the CA SYSVIEW® Performance Management server address spaces have access to the following resource:
ESM SAF Class SAF Entity Access
ACF2 SYSVIEW SV.CREATE.SSID.<smfid>.<ssid> READ
RACF FACILITY SV.CREATE.SSID.<smfid>.<ssid> READ
TSS CAGSVX SV.CREATE.SSID.<smfid>.<ssid> READ
• <smfid> is the SMF ID of the system where the server address space is executing.
• <ssid> is the Subsystem ID that was specified for the SSID= parameter during installation. The default SSID is GSVX.
Optionally define the SAF Entity as a generic resource in your External Security Manager:
SV.CREATE.SSID.*
The server address spaces include:
• SYSVIEW Main Services Address Space (SYSVIEW)
• SYSVIEW User Interface Address Space (SYSVUSER)
• SYSVIEW Auxiliary Services Address Space (SYSVAUX)
You should restrict update access to:
• The procedure library containing the startup JCL for any of the server address spaces
• The System Configuration data set pointed to by the GSVXSCFG DDname
Setting up SYSVIEW on LPAR. SYSVIEW documentaton has the following:
Required Access to New SAF Resource
As part of migrating to the use of the GSVXSCFG DDname in the server address spaces, it became necessary to add additional security measures. These measures prevent unauthorized users from overriding configuration options. This release now requires that all of the CA SYSVIEW® Performance Management server address spaces have access to the following resource:
ESM SAF Class SAF Entity Access
ACF2 SYSVIEW SV.CREATE.SSID.<smfid>.<ssid> READ
RACF FACILITY SV.CREATE.SSID.<smfid>.<ssid> READ
TSS CAGSVX SV.CREATE.SSID.<smfid>.<ssid> READ
• <smfid> is the SMF ID of the system where the server address space is executing.
• <ssid> is the Subsystem ID that was specified for the SSID= parameter during installation. The default SSID is GSVX.
Optionally define the SAF Entity as a generic resource in your External Security Manager:
SV.CREATE.SSID.*
The server address spaces include:
• SYSVIEW Main Services Address Space (SYSVIEW)
• SYSVIEW User Interface Address Space (SYSVUSER)
• SYSVIEW Auxiliary Services Address Space (SYSVAUX)
You should restrict update access to:
• The procedure library containing the startup JCL for any of the server address spaces
• The System Configuration data set pointed to by the GSVXSCFG DDname
Environment
Release:
Component: TSSMVS
Component: TSSMVS
Resolution
TSS CAGSVX SV.CREATE.SSID.<smfid>.<ssid> READ
converted to TSS would be:
TSS ADD(owningacid) CAGSVX(SV)
TSS PER(acid) CAGSVX(SV.CREATE.SSID.<smfid>.<ssid>) ACC(READ)
converted to TSS would be:
TSS ADD(owningacid) CAGSVX(SV)
TSS PER(acid) CAGSVX(SV.CREATE.SSID.<smfid>.<ssid>) ACC(READ)
Feedback
Yes
No
Powered by
