search cancel

CA Vantage SRM Security Permissions

book

Article ID: 32473

calendar_today

Updated On:

Products

CIS COMMON SERVICES FOR Z/OS 90S SERVICES DATABASE MANAGEMENT SOLUTIONS FOR DB2 FOR Z/OS COMMON PRODUCT SERVICES COMPONENT Common Services Datacom/AD CA ECOMETER SERVER COMPONENT FOC EASYTRIEVE REPORT GENERATOR FOR COMMON SERVICES INFOCAI MAINTENANCE IPC UNICENTER JCLCHECK COMMON COMPONENT Mainframe VM Product Manager CHORUS SOFTWARE MANAGER CA ON DEMAND PORTAL CA Service Desk Manager - Unified Self Service PAM CLIENT FOR LINUX ON MAINFRAME MAINFRAME CONNECTOR FOR LINUX ON MAINFRAME GRAPHICAL MANAGEMENT INTERFACE WEB ADMINISTRATOR FOR TOP SECRET Xpertware

Issue/Introduction

Issue:
 
If we grant everyone access to IBMFAC "SYSSSM.FUNC" [SYSSSM is the default of Vkgparm SECURPFX] which will allow them to see all objects, will that be the extent of what they get with that permissions?  Would they be allowed to touch a data set?
 
Resolution:
 
Users with alter access to the resource named SYSSSM.FUNC are granted access to all objects.
This is access to the objects, not to the data sets or Actions.
 
Any object can be secured to limit access to it by defining a Facility name of:  SYSSSM.FUNC.x
(See the additional information, below.)
   
Vkgparm STGADMIN [no default] specifies the Resource Facility name that, if a user has access to it, permission is granted to actions (line commands) for non-tape related objects.
A suggested value is:  STGADMIN (STGADMIN.VANTAGE)
This is suggested because a site may have other STGADMIN.xxx values defined for other purposes.
 
Your normal security rules would secure access to the data sets.

Additional Information:
 
See CA Vantage SRM Reference Guide, 12.6.00, Sixth Edition, topic: Methodology for Defining Access Rules to Objects.
 
If you have any questions, please contact CA Technical Support.

Environment

Release: SMV3EN00200-12.6-Graphical Management Interface
Component: