How And Why Is MASTFAC Used In Top Secret?

book

Article ID: 19040

calendar_today

Updated On:

Products

CA Top Secret CA Top Secret - LDAP CA Top Secret - VSE

Issue/Introduction

CA Top Secret has a MASTFAC (Master Facility) operand. How and why is this used?

Environment

Release: TOPSEC00200-15-Top Secret-Security
Component:

Resolution

The Master Facility (MASTFAC) is used on a region acid to associate a specific facility with all the address spaces that have that region acid. This is for both address spaces started as started tasks and address spaces started as batch jobs. Here is an example of each:

Started task
Proc CICSDEV is started as a started task. In the started task table (STC table), the procname has been added with an acid of CICSD1:

TSS ADD(STC) PROCNAME(CICSDEV) ACID(CICSD1) 

To have the predefined facility of CICSTEST associated with the CICSDEV address space, add CICSTEST as a MASTFAC to the region acid:

TSS ADD(CICSD1) MASTFAC(CICSTEST)

(NOTE: If the CICSDEV region is up when you issue the above command, it will need to be recycled to pick up the new MASTFAC.)

Now any user that signs on to CICSDEV will need access to FAC(CICSTEST):

TSS ADD(acid) FAC(CICSTEST)

where 'acid' is the user's ACID, an attached profile, or the ALL record if all users should have access.

Batch job:
If CICSDEV is a batch job with USER=CICSD1, then CICSD1 is the region acid for this job (since this is the acid the job will run under).

To have the predefined facility of CICSTEST associated with the CICSDEV address space, add CICSTEST as a MASTFAC to the region acid:

TSS ADD(CICSD1) MASTFAC(CICSTEST)

(NOTE: If the CICSDEV region is up when you issue the above command, it will need to be recycled to pick up the new MASTFAC.)

Now any user that signs on to CICSDEV will need access to FAC(CICSTEST).

TSS ADD(acid) FAC(CICSTEST)

where 'acid' is the user's ACID, an attached profile, or the ALL record if all users should have access.

If there is no MASTFAC on the region acid, in order to determine which facility will be used for that address space, Top Secret will go through the facilities (in the facility matrix table) until the first occurrence of the first 3 letters of the initiating program (for the region) is found and that facility will be used. For example, with CICS, the program that starts CICS is DFHSIP, so if there is a CICS started task or batch job with no MASTFAC on the region acid, Top Secret will search the facilities and the first one found with INITPGM=DFH is CICSPROD, so this will be the facility associated with that CICS region.