CA Datacom, CA Datacom - AD, CA Ideal, CA CIS, CA Common Services for z/OS, CA 90s Services, CA Database Management Solutions for DB2 for z/OS, CA Common Product Services Component, CA Common Services, CA Datacom/AD, CA ecoMeter Server Component FOC, CA Easytrieve Report Generator for Common Services, CA Infocai Maintenance, CA IPC, Unicenter CA-JCLCheck Common Component, CA Mainframe VM Product Manager, CA Chorus Software Manager, CA On Demand Portal, CA Service Desk Manager - Unified Self Service, CA PAM Client for Linux for zSeries, CA Mainframe Connector for Linux on System z, CA Graphical Management Interface, CA Web Administrator for Top Secret, CA CA- Xpertware
This article summarizes how external security for CA Datacom works from Multi-User start-up through how access is allowed or denied.
At MUF Start-up, the UserID is obtained via CAISSF and passed to Datacom.
Datacom calls external security system to determine whether external security is in effect or not.
This check is done regardless of what the user enters in the SECURITY Multi-User Startup Option.
Facilities the user is authorized to access
If user is an administrator
External security product checks security status for resource names.
Checking if ACTIVATE.LEVELnn.PASS is allowed and ACTIVATE.LEVELnn.FAIL is denied for the UserID that starts the Multi-User.
The check begins with LEVEL05 and continues until a resource name pair is identified.
Once the resource pair is found, the DTSYSTEM is queried to determine the access path level of security being used.
The next security check looks for the table class resources for the UserID associated with the Multi-User Facility.
This check consists of a pair of resource names relating to the level of external security to be checked, so that new security features can be implemented without affecting the existing external security System.
For example, in the following Multi-User Startup Option:
The "cxxname" can be found by looking at the MUF startup message "DB00201I for CXX=" information. It is also available on the DBUTLTY CXX Report on the right-hand of the flower box after the string "CXXNAME".
If the user that starts up the Multi-User is denied access to the DTSYSTEM resource class, external security is activated.
If access is allowed and the class-and-path definition is coded in the Multi-User startup SECURITY option, an error is returned and the Multi-User Facility will not enable.
Also, if no class is coded for a path in the Multi-User startup and access is denied for more than one class in that path, an error is returned and the Multi-User Facility will not enable.