Can We Have STCs Running With Acid *BYPASS*?

book

Article ID: 16989

calendar_today

Updated On:

Products

CA Top Secret CA Top Secret - LDAP

Issue/Introduction



 

 

- Would it even be better to associate the started task proc with the BYPASS acid in the STC record?

 

- Is There much documentation about *BYPASS* except that it is also associated with started tasks that come up before Top Secret? 

Environment

z/OS

Resolution

 

- For the address spaces that you want to put in BYPASS, you do not have to do anything because BYPASS bypasses security. Since BYPASS is not an actual acid, you can not add a UID or other       attributes to it. 

- For the address spaces that you are not going to put in BYPASS because they need UID(0) or other attribites, the acids associated with these started tasks should have an OMVS segment with       UID(0) and the bypass attributes (NODSNCHK, NOVOLCHK, NORESCHK, NOSUBCHK and NOLCFCHK) to be TRUSTED. 

- Remember we recommend that all started task (STC) acids be given a password and OPTIONS(4) be set in the TSS parameter file. OPTIONS(4) will eliminate the prompt for a password when       the STC starts. If someone tries to signon with the STC acid, he will need to know the password. 

- The STC could be recycled (restarted), but it should be signed on by TSS on the first security check occurring in the address space.

Additional Information

 

- If you want to have more information about STC management with CA Top Secret go to link:

 

https://docops.ca.com/ca-top-secret-for-z-os/16-0/en/implementing-in-cics-and-other-interfaces/implementing-security-for-stc/stc-started-task-considerations