How can unauthorized SARBCH usage be controlled?

book

Article ID: 36605

calendar_today

Updated On:

Products

CA Deliver CA View

Issue/Introduction

Issue:

User is able to access confidential reports running a batch job but is not defined to the CA View database.  User run SARBCH pgm to load reports to a dataset.  The SARINIT setting for SECRURITY=LOGON.  User is not defined with any Dist id.  How can we stop user from seeing the reports?

Cause:

 Since you are using Security=Logon, only rules pertaining to who can logon to CA View are checked. 

Resolution:  

SARATHUX - Database Utility Exit  

   1. Controls access to database utility functions SARDBASE, SARINIT, SARBCH  

   2. The default exit(SARATHUX)allows access to all utility functions    

   3. You must install SARATHU1 to activate security for database utility functions such as who is allowed to run SARBCH in         batch mode.  

   4. The exit allows for Class/Resource modification before the RACROUT call.

   5. The exit is always called regardless of the SECURITY setting. 

 

 External Security CLASS (CHA1VIEW)                                           

   Standard resource name (DBAS.db high level qualifier)                        

   Access Level (Read, Update, Control, Alter)                                  

                                                                         

   Return Codes:                                                                

   0   Exit has granted access - Do not call External Security                  

   4   Exit has denied access - Do not call External Security                   

   8   CA-View should determine access based on the SECURITY parameter          

 

Since you are using Security=Logon, only rules pertaining to who can logon to CA View are checked.  No rules are checked about authority to run batch jobs. 

 

To protect against unauthorized running of SARBCH:

   1. If using the SARATHUX exit only:

       a. code a check in the exit to determines if userid is one who should not access the CA View reports.  

       b. If the userid is not allowed access, return a Return Code of 4 

   2. If using external security, 

       a. the exit will have to set a Return Code of 8

       b. CA View will check with your external security package for the level of access for this userid 

      

Additional Information:

As always, please contact CA Technologies support for CA View if you have further questions.

 

Environment

Release: OUTDTI00200-12.1-Deliver-Output Management-Interface for Native TSO
Component: