A new security entity check is added at ChangeMan ZMF 8.2 for these listed functions:

 Create, Checkout, Stage, Scratch, Rename, Recompile, Rebind, Freeze, Promote and Approve.

The security entity is the name of the ISPF function program:

Create = CMNCREAT

Checkout = CMNCKOUT

Stage = CMNSTGER

Scratch = CMN$UTIL

Rename = CMN$UTIL

Recompile = CMNRCOMP

Rebind = CMNRBIND

Freeze = CMNFREZE

Promote = CMNPROMO

Approve = CMNAPPRV

How do you implement these new security checks with Top Secret?

Component : Top Secret for z/OS

The new security entities should be defined in the same way that the other five security entities documented in the ChangeMan 8.2 Installation Guide that are:

CMNGBADM or CMNxGBAD

CMNLCADM or CMNxLCAD

CMNREVRT or CMNxREVR

CMNBKOUT or CMNxBKOU

CMNMON or CMNxMON


So probably there are already definitions like this in Top Secret:

XA UR1 = CMNGBADM OWNER(owner_acid)

ACCESS = UPDATE


Note: The resource class is UR1 that is the name suggested in the Changeman documentation if the security system is Top Secret.

For the new Security entities, it is necessary to ADD first the ownership of the new security entities to an owning acid and then permit the new entities to the ChangeMan administrators and to the ChangeMan STC acid. 



For example, for the new entity CMNCREAT the commands would be:

TSS ADD(owner_acid) UR1(CMNCREAT)

TSS PERMIT(profile) UR1(CMNCREAT) ACCESS(UPDATE)

TSS PERMIT(ChangeMan_STC_acid) UR1(CMNCREAT) ACCESS(UPDATE)

Where profile is a profile for the ChangeMan Administrators.

The same commands for the other new security entities (CMNCKOUT, CMNSTGER...).