Define new ChangeMan ZMF 8.2 security checks in Top Secret


Article ID: 195270


Products

CA Top Secret

Issue/Introduction

ChangeMan ZMF 8.2 adds a new security entity check for the following functions:

Create, Checkout, Stage, Scratch, Rename, Recompile, Rebind, Freeze, Promote and Approve.

The security entity is the name of the ISPF function program:

Create = CMNCREAT

Checkout = CMNCKOUT

Stage = CMNSTGER

Scratch = CMN$UTIL

Rename = CMN$UTIL

Recompile = CMNRCOMP

Rebind = CMNRBIND

Freeze = CMNFREZE

Promote = CMNPROMO

Approve = CMNAPPRV

 

How can these new security checks be implemented with CA Top Secret?

 

Environment

Release : 16.0

Component : CA Top Secret for z/OS

Resolution

The new security entities should be defined in the same way as the other five security entities documented in the ChangeMan 8.2 Installation Guide, which are:


CMNGBADM or CMNxGBAD

CMNLCADM or CMNxLCAD

CMNREVRT or CMNxREVR

CMNBKOUT or CMNxBKOU

CMNMON or CMNxMON


So definitions like the following probably already exist in CA Top Secret:

XA UR1 = CMNGBADM OWNER(owner_acid)

ACCESS = UPDATE


Note: The resource class is UR1, which is the name the ChangeMan documentation suggests when the security system is CA Top Secret.

The resource name is documented on page 60 of the ChangeMan ZMF Installation Guide, available at the following link:

ChangeMan ZMF Installation Guide


For the new security entities, first ADD ownership of each entity to an owning ACID, and then PERMIT the entity to the ChangeMan administrators and to the ChangeMan STC ACID.



For example, for the new entity CMNCREAT the commands would be:



TSS ADD(owner_acid) UR1(CMNCREAT)

TSS PERMIT(profile) UR1(CMNCREAT) ACCESS(UPDATE)

TSS PERMIT(ChangeMan_STC_acid) UR1(CMNCREAT) ACCESS(UPDATE)

Where profile is a profile for the ChangeMan Administrators.

Repeat the same commands for the other new security entities (CMNCKOUT, CMNSTGER...).
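The following is an added example, not part of the original article or of any vendor tooling: a small Python generator that expands the three CMNCREAT commands above to every entity in the article's function list, issuing each entity once. The ACID names are the article's own placeholders (owner_acid, profile, ChangeMan_STC_acid), and the helper function names are hypothetical.

```python
# Added example: expands the article's three TSS commands to every new entity.
# Function-to-entity mapping copied from the article's list.
ZMF_82_ENTITIES = {
    "Create": "CMNCREAT",
    "Checkout": "CMNCKOUT",
    "Stage": "CMNSTGER",
    "Scratch": "CMN$UTIL",
    "Rename": "CMN$UTIL",
    "Recompile": "CMNRCOMP",
    "Rebind": "CMNRBIND",
    "Freeze": "CMNFREZE",
    "Promote": "CMNPROMO",
    "Approve": "CMNAPPRV",
}


def functions_by_entity(mapping):
    """Group ZMF functions by entity: one PERMIT covers every function in a group."""
    grouped = {}
    for function, entity in mapping.items():
        grouped.setdefault(entity, []).append(function)
    return grouped


def tss_commands(owner_acid, admin_profile, stc_acid, resclass="UR1"):
    """Return ADD/PERMIT commands in the order the article gives for CMNCREAT."""
    for name in (owner_acid, admin_profile, stc_acid):
        if not name or " " in name:
            raise ValueError(f"invalid ACID placeholder: {name!r}")
    commands = []
    for entity in functions_by_entity(ZMF_82_ENTITIES):  # each entity once
        commands.append(f"TSS ADD({owner_acid}) {resclass}({entity})")
        for acid in (admin_profile, stc_acid):
            commands.append(f"TSS PERMIT({acid}) {resclass}({entity}) ACCESS(UPDATE)")
    return commands


if __name__ == "__main__":
    # The ACID names below are the article's placeholders, not real ACIDs.
    for line in tss_commands("owner_acid", "profile", "ChangeMan_STC_acid"):
        print(line)
    for entity, functions in functions_by_entity(ZMF_82_ENTITIES).items():
        if len(functions) > 1:
            print(f"* {entity} is shared by: {', '.join(functions)}")
```

Because Scratch and Rename both check CMN$UTIL, a single PERMIT on that entity authorizes both functions, which is worth noting when reviewing who receives it.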