search cancel

Master ACID owning generic resources

book

Article ID: 133699

calendar_today

Updated On:

Products

Top Secret Top Secret - LDAP

Issue/Introduction

Can you point me to the documentation concerning what happens when the Master ACID owns a generic resource like MQQUEUE(**)?   I

Environment

Release :

Component : CA Top Secret for z/OS

Resolution

There really isnt any specific in the doc that talks specifically about MSCA ownership. Top Secret is an open security package which means only those resources defined to the security file will be protected. If the resource is not defined to TSS, then it will not be protected by TSS and users will have unrestricted access to it. To define a resource to Top Secret, you have to 'own' the resource. This is where ownership comes in. 


Example: 

 TSS ADD(JOE) PROGRAM(ABCD) 


The above command tells TSS that program is protected now and if a user wants to access it, the user must have a PERMIT for it:


Example: 

 TSS PERMIT(MARY) PROGRAM(ABCD) ACC(ALL) Any acid can be the owner, but best practices are: 


1. Very broad ownerships are owned by the MSCA like MQCMD(**), PROGRAM(**), VOLUME(*ALL*(G)) 

2. Other regular ownerships should be give to depart type acids. Must site create special dept type acids to own the various resource types. 


Example: 

 Create an department type acid called 'PROGS' to own all the programs you want secured by TSS. 'CICSTRAN' department acid to own all CICS transctions. 'FILES' department acid to own all files and datasets....etc... The owning acids can be anything, but I suggest you use a meaningful name. 


The following links to our docs talks about ownership here and here