search cancel

What is the CA Top Secret ACIDAUTH Resource Class for?

book

Article ID: 53105

calendar_today

Updated On:

Products

Cleanup Datacom DATACOM - AD CIS COMMON SERVICES FOR Z/OS 90S SERVICES DATABASE MANAGEMENT SOLUTIONS FOR DB2 FOR Z/OS COMMON PRODUCT SERVICES COMPONENT Common Services CA ECOMETER SERVER COMPONENT FOC EASYTRIEVE REPORT GENERATOR FOR COMMON SERVICES INFOCAI MAINTENANCE IPC UNICENTER JCLCHECK COMMON COMPONENT Mainframe VM Product Manager CHORUS SOFTWARE MANAGER CA ON DEMAND PORTAL CA Service Desk Manager - Unified Self Service PAM CLIENT FOR LINUX ON MAINFRAME MAINFRAME CONNECTOR FOR LINUX ON MAINFRAME GRAPHICAL MANAGEMENT INTERFACE WEB ADMINISTRATOR FOR TOP SECRET Xpertware Top Secret Top Secret - LDAP Top Secret - VSE

Issue/Introduction

Introduction:

What is the CA Top Secret Resource Class 'ACIDAUTH' used for?

Instructions:

The ACIDAUTH Resource Class is used for Cross Submit Authorization Checking. It is used to determine, if a submitting acid is authorized to submit a job using a different acid.

A security call against ACIDAUTH class is always issued, whether USER= is specified or not on JOB card.

The SAFTRACE excerpt below details the security call:

CAS21D0I TRACEID: TRACE001 EVENT#:  00302431
CAS21D0I JOBNAME: USER001  USERID:  USER001  ASID: 0044
CAS21D1I PROGRAM: IKJEFF04 RB CURR: IKJEFF04 APF:  YES  SFR/RFR: 0/0:0
CAS2200I RACROUTE REQUEST=AUTH,REQSTOR='TSSJJINT',SUBSYS='CA-TSS',
CAS2200I          CLASS='ACIDAUTH',RELEASE=1.9,STATUS=NONE,ACEE=,
CAS2200I          ATTR=READ,DSTYPE=N,DECOUPL=YES,
CAS2200I          ENTITY=('USER001...............................'),
CAS2200I          FILESEQ=0,GENERIC=ASIS,LOG=ASIS,MSGSP=0,TAPELBL=STD,
CAS2200I          WORKA=
  • The TSSJJINT is designed to check, if the submitting acid is authorized to the acid being used in the batch job.

  • The security check is against the ACIDAUTH resource class.

  • When submitting using an acid that has the bypass attribute NOSUBCHK, the event is logged into the Audit Tracking File (ATF).

 

Additional Information: 

 

For CA top Secret r15.0 refer to Implementation:Other Interfaces Guide; chapter #1 Implementation Security for BATCH. 

For CA Top Secret r16.0 go to docops.ca.com site; signon; choose your product CA Top Secret for z/OS - 16.0; click on "Implementing in CICS and other interfaces" link to have more information about BATCH implementation and USER= parameter.

Environment

Release: TOPSEC00200-15-Top Secret-Security
Component: