How to set up Top Secret (CA TSS) definitions when implementing PassTickets with IDMS

Article ID: 44128


Products

IDMS, IDMS - Database, IDMS - ADS

Issue/Introduction

Question:

Using PassTickets to access an IDMS CV system requires these definitional components:

· Top Secret security definitions
· Information defined in the IDMS security type table (SRTT)

The major components used in this process are the user id, the application id, the system id of the CV, the session key, and the resource class.

Answer:

Note: All of the following definitions are examples and can vary by installation, for instance, if the session key is encrypted instead of masked. Other parameters can be selected for auditing, performance, and other installation-specific needs.

Follow these steps:

1. Create entries in the SRTT and issue supporting Top Secret commands to secure system signon externally.
Note: For more information, see the Knowledge Base article TEC465148 Security definition for TASK Codes in IDMS Central Version.

2. Define the resource class PTKTDATA:

TSS ADDTO(RDT) RESCLASS(PTKTDATA) ACLIST(ALL,READ,UPDATE) MAXLEN(37)

3. Add IDMSDEPT department ownership for resources of class PTKTDATA:

TSS ADDTO(IDMSDEPT) PTKTDATA(IRRPTAUTH)

4. Add a session key for each applid (PSTKAPPL):

TSS ADDTO(NDT) PSTKAPPL(IDMSSY73) SESSKEY(0123456789ABCDEF)

TSS ADDTO(NDT) PSTKAPPL(IDMSSY74) SESSKEY(ABCDEF0123456789)

5. Add permission for JOHN_SMITH to generate and use a PassTicket for SYSTEM 73:

TSS PERMIT(JOHN_SMITH) PTKTDATA(IRRPTAUTH.IDMSSY73.JOHN_SMITH) ACCESS(READ,UPDATE)
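
The following pre-submission check for a deck of the commands from steps 2 to 5 is an added example, not part of the original article or of any Broadcom tooling. The function name lint_passticket_deck and the finding codes are hypothetical, the 16-hex-digit key format is an assumption taken from the sample SESSKEY values above, and the second PERMIT (IDMSSY75) is constructed to show a missing session key.

```python
import re

# Sample keys printed in the article; they should never reach a real NDT.
DOC_SAMPLE_KEYS = {"0123456789ABCDEF", "ABCDEF0123456789"}

# Constructed input: the article's commands plus one deliberately bad PERMIT.
SAMPLE_DECK = """\
TSS ADDTO(RDT) RESCLASS(PTKTDATA) ACLIST(ALL,READ,UPDATE) MAXLEN(37)
TSS ADDTO(IDMSDEPT) PTKTDATA(IRRPTAUTH)
TSS ADDTO(NDT) PSTKAPPL(IDMSSY73) SESSKEY(0123456789ABCDEF)
TSS ADDTO(NDT) PSTKAPPL(IDMSSY74) SESSKEY(ABCDEF0123456789)
TSS PERMIT(JOHN_SMITH) PTKTDATA(IRRPTAUTH.IDMSSY73.JOHN_SMITH) ACCESS(READ,UPDATE)
TSS PERMIT(JOHN_SMITH) PTKTDATA(IRRPTAUTH.IDMSSY75.JOHN_SMITH) ACCESS(READ,UPDATE)
"""

def lint_passticket_deck(deck):
    """Return a list of (code, detail) findings for a deck of TSS commands."""
    findings, keys, maxlen = [], {}, None
    m = re.search(r"RESCLASS\(PTKTDATA\).*?MAXLEN\((\d+)\)", deck)
    if m:
        maxlen = int(m.group(1))
    else:
        findings.append(("NO_RESCLASS", "PTKTDATA is not defined in the RDT"))
    for applid, key in re.findall(r"PSTKAPPL\((\w+)\)\s+SESSKEY\((\w*)\)", deck):
        if not re.fullmatch(r"[0-9A-F]{16}", key):      # assumed key format
            findings.append(("BAD_KEY_FORMAT", applid))
        if key in DOC_SAMPLE_KEYS:                      # copied from the docs
            findings.append(("DOC_SAMPLE_KEY", applid))
        if key in keys.values():                        # one key per applid
            findings.append(("KEY_REUSED", applid))
        keys[applid] = key
    for res in re.findall(r"PERMIT\(\w+\)\s+PTKTDATA\(([\w.]+)\)", deck):
        parts = res.split(".")
        if len(parts) != 3 or parts[0] != "IRRPTAUTH":
            findings.append(("BAD_RESOURCE", res))
            continue
        if parts[1] not in keys:                        # applid has no SESSKEY
            findings.append(("NO_SESSION_KEY", res))
        if maxlen is not None and len(res) > maxlen:    # exceeds RDT MAXLEN
            findings.append(("TOO_LONG", res))
    return findings

if __name__ == "__main__":
    for code, detail in lint_passticket_deck(SAMPLE_DECK):
        print(f"{code:15} {detail}")
```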

Additional Information:

IDMS 18.5 Release Notes (2nd Edition), Chapter 4, PassTicket Support

IDMS 18.5 Security Administration Guide, Chapter 4: Using External Security, subsection “Optionally Defining PassTickets”

Environment

Release: IDADSO00100-18.5-ADS-for CA-IDMS