General Setup Instructions When Defining An Application To Top Secret
search cancel

General Setup Instructions When Defining An Application To Top Secret

book

Article ID: 13639

calendar_today

Updated On:

Products

Top Secret Top Secret - LDAP

Issue/Introduction

What are the general setup instructions when defining an application to Top Secret?

Environment

Release: TOPSEC00200-15-Top Secret-Security
Component:

Resolution

The following steps are required to set up Top Secret with general applications:

1) If users signon to this application, define a facility in Top Secret for the application. To define a facility, add the following statements to the Top Secret Parameter File:

FACILITY(USERnn=NAME=name)

FACILITY(name=PGM=xxx)

Where 'USERnn' is one of the user defined facilities (ie USER20) 'name' is what you want the facility called 'xxx' is the first 3 characters of the program that starts the started task.

Any other facility control option (ie MODE, etc) can be modified from the default if desired.

2) Create a region acid for the started task. 

TSS CRE(acid) TYPE(USER) DEPT(dept) NAME('application region acid') FAC(STC) PROTECTED

This acid will need access to any resources accessed at startup. If you are not sure what these resources are, start with the acid in WARN mode so violations will be logged but access will not be denied.

TSS PER(acid) MODE(WARN)

Start up the region, then run TSSUTIL with:

REPORT EVENT(VIOL) ACID(acid) LONG END

This will give you the violations for the acid when the region starts. You can then permit these resources to the acid. Once you feel all the necessary resources are permitted, revoke the WARN mode permit (TSS REVOKE(acid) MODE(WARN) ).

3) Add a MASTFAC of the facility in step 1 to the region acid created in step 2. Also, if this is a multi user address space and jobs are going to be submitted from this application, the region acid will either need the NOSUBCHK attribute or must be cross authorized to all the acids that jobs submitted from this application will run under.

TSS ADD(acid) MASTFAC(name)

TSS ADD(acid) NOSUBCHK or

TSS PER(acid) ACID(acid2,acid3,acid4) where 'acid2,acid3,acid4'

is the list of acids that jobs submitted from the application will run under.

4) Define the proc to the Top Secret started task table with the region acid created in step 2.

TSS ADD(STC) PROCNAME(proc) ACID(acid)

5) Authorize users to use the facility.

TSS ADD(acid) FAC(name)

6) Whatever needs to be done in the application to activate external security.

Powered by Wolken Software