Why doesn't a user get suspended after exceeding the violations count?

book

Article ID: 17053

calendar_today

Updated On:

Products

CA Top Secret CA Top Secret - LDAP

Issue/Introduction

Explanation why doesn't a user get suspended after exceeding the violations count?



We have a situation where an ACID is not getting suspended after the number of violations has been exceeded. This is a violation on a resource in the DB2TABLE resource class, following is from TSSTRACK:

D 1654 01DSNDIST DBF IISSRVP *88* SLCT CASR230L D2TB ABCP.ABC001_OPTUM_CONTROL
D 1654 03DSNDIST DBF IISSRVP *88* SLCT CASR230L D2TB ABCP.ABC001_OPTUM_CONTROL
D 1657 01DSNDIST DBF IISSRVP *88* SLCT CASR230L D2TB ABCP.ABC001_OPTUM_CONTROL
D 1657 01DSNDIST DBF IISSRVP *88* SLCT CASR230L D2TB ABCP.ABC001_OPTUM_CONTROL
D 1657 01DSNDIST DBF IISSRVP *88* SLCT CASR230L D2TB ABCP.ABC001_OPTUM_CONTROL
D 1657 03DSNDIST DBF IISSRVP *88* SLCT CASR230L D2TB ABCP.ABC001_OPTUM_CONTROL
D 1657 01DSNDIST DBF IISSRVP *88* SLCT CASR230L D2TB ABCP.ABC001_OPTUM_CONTROL

VTHRESH is set to 5. TSSTRACK shows 7 security violations.

Environment

Release:
Component: TSSMVS

Resolution

Run a TSSUTIL which will show the violations counter.

Look a the highest violation count. If your violation threshold is 5 and the violation count is under 5, this is why the user is not getting suspended.

The user will only get suspended if the violation count goes up to 5.

The violation counter is reset after a session terminates.

Example:

VTHRESH is set to 4. User signons on to terminal 'A' causes 3 violations. Then signs off. The counter is reset. Then he signs on to terminal 'B' and causes 3 violations. The user is not suspended because the counter was reset after he logged off terminal 'A'. If a 4th violation occurs on terminal 'B' the violation threshold will be exceeded and the user suspended. If the user signs off terminal 'B' after the 3rd violation, the violation counter is reset.