TSS LIST granularity in CA Top Secret

Article ID: 141776

Products

CA Top Secret, CA Top Secret - LDAP

Issue/Introduction

Can an administrator's authority to display a user-defined FDT field, such as SSN, be limited?

Environment

Release : 16.0
Component : CA Top Secret for z/OS

Resolution

Currently there is no granular functionality that limits which FDT fields, such as a custom SSN user field, are displayed from a user's record. Administrators either have the ability to look at all FDT fields or they don't.

A user program could be written to display the user's TSS LIST information and not include certain fields.

The application would issue a security check against a user-defined resource class to determine whether the user has access to certain fields; the user-written program would then display only the fields for which they have authority.

For example, create a resource class called AUTHFLDS.

Issue a TSS PERMIT(xxxx) AUTHFLDS(SSN) to authorize the user to see the SSN field. Issue the PERMIT for every field you want shown.

The user-written program would invoke a TSSAI RESLIST to see which AUTHFLDS resources the user is authorized for.

The application would then list the user, showing only the fields they are authorized for.
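
A Python model of the filtering step described above, added here as an illustration and not taken from the article or from CA Top Secret. The `PERMITS` table, the sample record and `reslist_authflds()` are constructed stand-ins for the AUTHFLDS permits and the program's TSSAI RESLIST call; the model also shows the filter failing closed when the lookup cannot be completed.

```python
# Model of the field filter described above. Everything here is constructed:
# PERMITS stands in for TSS PERMIT(acid) AUTHFLDS(field) rules, and
# reslist_authflds() stands in for the program's TSSAI RESLIST call.

PERMITS = {                      # ACID -> fields permitted in class AUTHFLDS
    "HRADMIN": {"NAME", "DEPT", "SSN"},
    "HELPDSK": {"NAME", "DEPT"},
}

# Constructed record holding the fields the program read for one user.
RECORD = {"NAME": "J SMITH", "DEPT": "PAYROLL", "SSN": "000-00-0000"}


class LookupFailed(Exception):
    """The authorization lookup could not be completed."""


def reslist_authflds(acid):
    """Hypothetical stand-in for RESLIST: AUTHFLDS resources permitted to acid."""
    if acid not in PERMITS:
        raise LookupFailed(acid)
    return set(PERMITS[acid])


def visible_fields(acid, record):
    """Return (shown, withheld): only fields with an explicit permit are shown."""
    try:
        allowed = {f.upper() for f in reslist_authflds(acid)}
    except LookupFailed:
        allowed = set()          # fail closed: no answer means no fields
    shown = {k: v for k, v in record.items() if k.upper() in allowed}
    withheld = sorted(k for k in record if k.upper() not in allowed)
    return shown, withheld


def render(acid, record):
    """Format the listing for the requesting administrator."""
    shown, withheld = visible_fields(acid, record)
    lines = [f"{k:<8} = {v}" for k, v in shown.items()]
    if withheld:
        # Report only a count so the names of protected fields are not leaked.
        lines.append(f"({len(withheld)} field(s) not displayed)")
    return lines


if __name__ == "__main__":
    for admin in ("HRADMIN", "HELPDSK", "UNKNOWN"):
        print(admin, render(admin, RECORD))
```

The `withheld` list is returned separately so the program can write it to its own audit log without showing it to the requester.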