Entry point to access FACILITY


Article ID: 265550


Updated On:

Products

Top Secret

Issue/Introduction

Potential exploitation, attack vector or "entry point" access to a FACILITY.

Environment

Release :

Resolution

A 'FACILITY' :

  • Is assigned to an address space through the MASTFAC keyword on the region's started task ACID.
    Example:
    TSS ADD(started_task_acid)  MASTFAC(facility_name)
  • Is used to set security settings for that address space through the TSSPARMs file.
    Example:
    CICS is running MODE(WARN)
    NDM is running MODE(FAIL)
    MQM is running MODE(IMPL)
  • Is used to control user access to the FACILITY.
    Example:
    To give a user access to the MQ FACILITY:
    TSS ADD(JOE) FACILITY(MQM)

To use the FACILITY/address space/started task of MQ, NDM, CICS, etc., a user must sign on to the address space:

  • Batch signon
    • USER= and PASSWORD= on the $$ JOB card
    • OR the user inherits the submitter's ACID when the job is submitted through TSO.
  • Started task signon
    • User is assigned through the Top Secret Started Task Table
  • Multi-user address space signon to a terminal/green screen
    • Through the application's signon panel, which issues a signon to Top Secret.
  • Signon checks for:
    • FACILITY authorization
    • TERMINAL/IP restrictions
    • Calendar/Time restrictions
    • Expirations
    • Inactivity
    • If any security checks fail, the signon fails and access is denied.