TSS LIST granularity in CA Top Secret
search cancel

TSS LIST granularity in CA Top Secret


Article ID: 141776


Updated On:


Top Secret Top Secret - LDAP


Can an administrator's authority be limited to display a SSN user defined FDT field?


Release : 16.0
Component : CA Top Secret for z/OS


Currently there is no granular functionality that limits which FDT fields like a SSN custom user field on a users records. Administrators either have the ability to look at all FDT fields or they don't.

A user program could be written to display the users TSS LIST information and not include certain fields.

The application would issue a security check against a user defined resource class to determine if the user has access to certain fields, then the user written program would display only those fields they have authority.

Example, create a resource class called AUTHFLDS.

Issue a TSS PERMIT(xxxx) AUTHFLDS(SSN) to authorized the user to see the SSN field. Issue the PERMIT for every field you want shown.

The user written program would invoke a TSSAI RESLIST to see what AUTHFLDS the user is authorized.

Then the application would list out the user only with the fields they are authorized for.