CA Vantage SRM Security Permissions

book

Article ID: 32473

calendar_today

Updated On:

Products

CA CIS CA Common Services for z/OS CA 90s Services CA Database Management Solutions for DB2 for z/OS CA Common Product Services Component CA Common Services CA Datacom/AD CA ecoMeter Server Component FOC CA Easytrieve Report Generator for Common Services CA Infocai Maintenance CA IPC Unicenter CA-JCLCheck Common Component CA Mainframe VM Product Manager CA Chorus Software Manager CA On Demand Portal CA Service Desk Manager - Unified Self Service CA PAM Client for Linux for zSeries CA Mainframe Connector for Linux on System z CA Graphical Management Interface CA Web Administrator for Top Secret CA CA- Xpertware

Issue/Introduction

Issue:
 
If we grant everyone access to IBMFAC "SYSSSM.FUNC" [SYSSSM is the default of Vkgparm SECURPFX] which will allow them to see all objects, will that be the extent of what they get with that permissions?  Would they be allowed to touch a data set?
 
Resolution:
 
Users with alter access to the resource named SYSSSM.FUNC are granted access to all objects.
This is access to the objects, not to the data sets or Actions.
 
Any object can be secured to limit access to it by defining a Facility name of:  SYSSSM.FUNC.x
(See the additional information, below.)
   
Vkgparm STGADMIN [no default] specifies the Resource Facility name that, if a user has access to it, permission is granted to actions (line commands) for non-tape related objects.
A suggested value is:  STGADMIN (STGADMIN.VANTAGE)
This is suggested because a site may have other STGADMIN.xxx values defined for other purposes.
 
Your normal security rules would secure access to the data sets.

Additional Information:
 
See CA Vantage SRM Reference Guide, 12.6.00, Sixth Edition, topic: Methodology for Defining Access Rules to Objects.
 
If you have any questions, please contact CA Technical Support.

Environment

Release: SMV3EN00200-12.6-Graphical Management Interface
Component: