How To Implement ODM With CA Top Secret.

Article ID: 9881

Products

Top Secret, Top Secret - LDAP

Issue/Introduction

 

This document is intended to supply you with the CA Top Secret commands to implement the IBM ODM product.

 

Some resource classes might not be defined in the TSS RDT record. You have to define these resource classes before issuing any TSS command.

Although the syntax of the provided CA Top Secret commands is correct, you have to tailor them to fit your site's standard requirements.

 

 

 



Environment

Release:
Component: TSSMVS

Resolution

 

1°) You have to define these resource classes in the CA Top Secret RDT (Resource Descriptor Table).

 

TSS ADD(RDT) RESCLASS(HBRCMD) RESCODE(xxx) POSIT(128) MAXLEN(64) -
    ACLST(ALL,UPDATE,READ,NONE) DEFACC(READ)

TSS ADD(RDT) RESCLASS(HBRCONN) RESCODE(xxx) POSIT(128) MAXLEN(64) -
    ACLST(ALL,UPDATE,READ,NONE) DEFACC(READ)

TSS ADD(RDT) RESCLASS(HBRADMIN) RESCODE(xxx) POSIT(128) MAXLEN(64) -
    ACLST(ALL,UPDATE,READ,NONE) DEFACC(READ)



Here xxx is a new, available rescode. To find out which rescodes are already in use, issue TSS LIS(RDT); it lists the entire RDT record.
Then, if you want to use rescodes 10A, 10B and 10C, check that they are not already in use.

 

2°) Tailor the attached file, ODM_TSS_Setup.txt, which contains the CA Top Secret commands to implement ODM.

      In it, you will find each RACF command followed by the corresponding TSS command.

 

3°) Run the tailored CA Top Secret commands.

Additional Information

 

You might run into an issue when adding a resource to CA Top Secret using a wildcard.

For the wildcard '*', the possible combinations are as follows.

These are correct:

TSS ADD(dept#) HBRCMD(**) 
TSS ADD(dept#) HBRCMD(*.xxxx.*) 

But note that:


tss add(dept#) hbrcmd(a*.bbbb.) 
tss add(dept#) hbrcmd(aaaa.bbbb.*) 
tss add(dept#) hbrcmd(aaa*.bbbb.*) 
tss add(dept#) hbrcmd(aaa*.bbbb.) 

are all invalid, because with CA Top Secret you can add a resource with a masking character only if the resource name starts with a masking character.
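
A pre-flight check for the tailored command file, as an added example that is not part of the original article or of the attachment: it joins '-' continuation lines, flags TSS ADD(RDT) commands whose RESCODE is still the xxx placeholder or appears in a list you copied from TSS LIS(RDT), and applies the wildcard rule above to TSS ADD commands for HBRCMD, HBRCONN and HBRADMIN. The function names, the sample text and the assumption that a tailored rescode is 1 to 3 hexadecimal digits belong to this example only.

```python
import re

ODM_CLASSES = ("HBRCMD", "HBRCONN", "HBRADMIN")  # resource classes from the article
# Constructed sample of a partly tailored command file (not the real attachment).
SAMPLE = """\
TSS ADD(RDT) RESCLASS(HBRCMD) RESCODE(xxx) POSIT(128) MAXLEN(64) -
  ACLST(ALL,UPDATE,READ,NONE) DEFACC(READ)
TSS ADD(RDT) RESCLASS(HBRCONN) RESCODE(10B) POSIT(128) MAXLEN(64) -
  ACLST(ALL,UPDATE,READ,NONE) DEFACC(READ)
TSS ADD(dept#) HBRCMD(*.xxxx.*)
TSS ADD(dept#) HBRCMD(aaaa.bbbb.*)
"""

def join_continuations(text):
    """Join lines ending in '-' (command continuation) into single commands."""
    commands, pending = [], ""
    for line in map(str.strip, text.splitlines()):
        if line.endswith("-"):
            pending += line[:-1].strip() + " "
        elif line or pending:
            commands.append(pending + line)
            pending = ""
    return commands + ([pending.strip()] if pending else [])

def lint(text, rescodes_in_use=()):
    """Return (command, problem) pairs for commands that break the article's rules."""
    used = {r.upper() for r in rescodes_in_use}  # copied by hand from TSS LIS(RDT)
    findings = []
    for cmd in join_continuations(text):
        up = cmd.upper()
        if not re.match(r"TSS\s+ADD\(", up):
            continue  # the article states its mask rule for TSS ADD only
        if re.match(r"TSS\s+ADD\(RDT\)", up):
            m = re.search(r"RESCODE\(([^)]*)\)", up)
            code = m.group(1) if m else ""
            # Assumption: a tailored rescode is 1-3 hex digits, like 10A in the article.
            if not re.fullmatch(r"[0-9A-F]{1,3}", code):
                findings.append((cmd, "RESCODE missing or still a placeholder"))
            elif code in used:
                findings.append((cmd, f"RESCODE {code} already in use"))
            continue
        for cls in ODM_CLASSES:
            for name in re.findall(rf"\b{cls}\(([^)]*)\)", up):
                if "*" in name and not name.startswith("*"):
                    findings.append((cmd, f"{cls}({name}): '*' needs a leading '*'"))
    return findings
```

Calling lint(SAMPLE, rescodes_in_use={"10B"}) reports the untailored RESCODE(xxx), the clash on 10B, and the HBRCMD(aaaa.bbbb.*) entry; only '*' is treated as a masking character here, as in the article.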

 

If you want to have more details about the RDT use the link below:

https://docops.ca.com/ca-top-secret-for-z-os/16-0/en/using/maintaining-special-security-records/maintain-the-rdt-record/define-a-resource-to-the-rdt

If you want to have more details about the CA Top Secret command functions use the link below:

https://docops.ca.com/ca-top-secret-for-z-os/16-0/en/using/issuing-commands-to-communicate-administrative-requirements/command-functions

 

Attachments

1558534179425TEC1517944.zip