Controlling Access to specific CSF Line Commands
search cancel

Controlling Access to specific CSF Line Commands

book

Article ID: 257294

calendar_today

Updated On:

Products

ESP Workload Automation

Issue/Introduction

We are looking for a solution where an operator completed the application mistakenly and caused impact in cycles.

Need to restrict access on force completing an application for particular users. We are looking for a possibility on application force completion alone and not with Job force completion 

 

Environment

All Release ESP Workload Automation

Cause

Operator completed an application mistakenly and caused impact in cycles.

Resolution

Control Access to Specific CSF Line Commands
Security Profiles: CSF.CHECK.CMDS, CSF.LC
If you want to limit access to specific CSF line commands, use the CSF.CHECK.CMDS profile in combination with the CSF.LC.cmd profile.
The CSF.CHECK.CMDS profile specifies the users for which CSF line command checking is done. The CSF.LC.cmd profile specifies the users that have access to the CSF line command specified by cmd.

If you do not set up a profile for a specific line command, then all users are authorized to issue that CSF line command.
Even if you can access a CSF line command, you still need access to the event group, application, or job the command is issued against.
CSF line commands generate an underlying ESP command. The CSF.LC profile protects only the CSF command, not the underlying command.

To turn on CSF line command security checking:
Create a security profile named prefix.CSF.CHECK.CMDS.
Grant UACC(READ).


To restrict access to specific CSF line commands.
Confirm that CSF line command security checking is turned on with the prefix.CSF.CHECK.CMDS profile.

Create a security profile named prefix.CSF.LC.CA
Grant UACC(NONE) access to the users you do not want using CSF line command CA.

EXAMPLE:
You do not want Frank to be able to complete applications using CSF line command CA. Assume that Frank has access to the job and the CSF.CHECK.CMDS profile. Frank should have UACC(NONE) access to the ESP.CSF.LC.CA profile

Additional Information

Securing Additional Events and Applications

https://techdocs.broadcom.com/us/en/ca-mainframe-software/automation/ca-workload-automation-esp-edition/12-0/securing/set-up-security-profiles/secure-additional-events-and-applications.html