Permit mode question

book

Article ID: 33692

calendar_today

Updated On:

Products

CA Top Secret CA Top Secret - LDAP

Issue/Introduction

Introduction: 

We want to issue a TSS PERMIT for CA View reports with ACCESS(NONE) and MODE(WARN) so access could continue while I contact the users and have them request approval.

 

 

Instructions: 

 

There is no way to code a rule in WARN mode, ie ACTION(WARN) is not valid on a TSS PERMIT command. (Only ACTION(FAIL) is valid.)

In FAIL mode, once the resource is defined to CA Top Secret or the DEFPROT attribute is set on the resource class, a user must be explicitly permitted to access to the resource. 

 

For this situation, the following action is recommended: 

 
TSS PER(ALL) class(SpecificResource) ACCESS(ALL) ACTION(AUDIT) 
 
and run TSSUTIL report:
 
REPORT EVENT(AUDTA) class(Report) END 

 

Additional Information:

Refer to the CA Top Secret Command Functions Guide and CA Top Secret User Guide for information regarding the TSS PERMIT command.

Refer to the CA Top Secret Report & Tracking Guide for information regarding the TSSUTIL utility.

Environment

Release: TOPSEC00200-15-Top Secret-Security
Component: