Screens and Tabs › Tabs › Endpoint Account Management Tabs › CA Top Secret (Plugin Connector) › MVS Privileges 2 Tab

MVS Privileges 2 Tab

Use this tab to specify user, miscellaneous, and some administrative privileges.

The fields in this tab are listed below:

Acid

• All
• Audit
• Create
• DefNode
• Info
• Maintain
• Report
• Xauth

All

Specifies that the acid is authorized to perform all of the user functions on other acids.

Audit

Authorizes the acid to globally audit a particular acid or acids in his administrative authority. This authority is required so that the acid can utilize the TSSAUDIT utility.

Create

Authorizes the acid to create and delete other acids.

DefNode

Authorizes the acid to specify defnodes for other acids.

Info

Authorizes the acid to issue the TSS WHOHAS command to determine who has access to specific acids used for job submissions.

Maintain

Authorizes the acid to perform certain functions required for the maintenance of other acids in his administrative authority. This includes activities such as maintaining passwords, updating acid and name fields, and moving the acid from one department or division to another.

Report

Authorizes the acid to run the TSSUTIL and TSSCHART utilities to prepare customized reports showing security activity for other acids in his administrative authority.

Xauth

Authorizes the acid to control asset access authorizations for other acids designated for job submission.

Low Level Admin Functions - Misc1

• All
• Instdata
• LCF
• Lock Time
• NOATS
• RDT
• Suspend
• TSS Sim
• User

All

Specifies that the acid is authorized to perform all of the low level administrative functions on other acids.

Instdata

Authorizes the acid to maintain installation-defined data fields and to add the DUFXTR and DUFUPD attributes (for the Dynamic Update Facility) to other acids in his administrative authority.

LCF

Authorizes the acid to assign LCF command and transaction restrictions to other acids in his administrative authority.

Lock Time

Authorizes the acid to set lock time requirements for acids in his administrative authority. Lock time determines how many minutes the terminal may remain inactive before it is locked. After it is locked, the acid must issue a TSS UNLOCK command and supply a valid password in order to use the terminal.

NOATS

Authorizes the acid to prevent other acids in his administrative authority from using ATS (Automatic Terminal Signon) to signon to a CICS, IMS or CA-IDMS facility.

RDT

Authorizes the acid to maintain and list the assets defined to the Resource Descriptor Table (RDT). All assets secured by CA-Top Secret must first be identified to the RDT.

Suspend

Authorizes the acid to suspend or unsuspend other acids in his administrative authority.

TSS Sim.

Authorizes the acid to execute the TSSSIM utility. The TSSSIM utility allows the acid to test acids and asset authorizations in a simulated security database.

User

Authorizes the acid to administer the use of unownable installation-defined resources (USERx).

Low Level Admin Functions-Misc2

• All
• APPC LU
• DLF
• NDT
• PC
• SMS
• Target
• TSO
• Workattr

All

Specifies that the acid is authorized to perform all of the miscellaneous functions on other acids.

APPC LU

Authorizes the acid to administer the APPCLU Record and permit acids to access one of the following APPCLU resources: APPCPORT, APPCSCI, and APPCSI.

APPC LU also authorizes the acid to ADD, REPLACE, and REMOVE the following SYSOUT account and delivery attributes for an acid: WAACCNT, WABLDG, WADEPT, WAADDR1, WAADDR2, WAADDR3., WAADDR4, WANAME, and WAROOM.

DLF

Authorizes the acid to administer resources added to the Data Lookaside Facility (DLF) Record.

NDT

Authorizes the acid to administer the VAX Node Descriptor Table (NDT).

SMS

Authorizes the acid to administer the following SMS fields: SMSAPPL, SMSDATA, SMSMGMT, and SMSSTOR.

Target

Authorizes the acid to indicate a specific target node when issuing a TSS command. Target nodes must first be identified through the Command Propagation Facility (CPF).

TSO

Authorizes the acid to administer the following TSO fields: TSOCOMMAND, TSODEST, TSODEFPRFG, TSOSCLASS, TSOHCLASS, TSOJCLASS, TSOLACCT, TSOLPROC, TSOLSIZE, TSOMCLASS. TSOMSIZE, TSOOPT, TSOUDATA and TSOUNIT.

Workattr

Authorizes an acid to ADD and REMOVE SYSOUT delivery and account number information.

High Level Admin Functions

• All
• Bypass
• Console
• Generic
• Global
• Mastfac
• Mode
• STC
• Trace

All

Specifies that the acid is authorized to perform all of the high level administrative functions on other acids.

Bypass

Authorizes the acid to allow other acids in his administrative authority to bypass security checking under certain conditions. These conditions are specified by the following attributes: NODSNCHK, NOVOLCHK, NORESCHK, NOVMDCHK, NOLCFCHK, and NOSUBCHK.

Console

Authorizes the acid to administer the CONSOLE attribute.

The CONSOLE attribute permits the acid to modify CA-Top Secret control options from the console or by issuing the TSS MODIFY command function.

Generic

Authorizes the acid to issue the generic TSS WHOOWNS function to obtain a list of all resources that are owned in his administrative authority.

Global

Authorizes the acid to use the Limited Command Facility (LCF) and administrative authorities for all acids using the All Record.

Mastfac

Authorizes the acid to associate a region control ACID with a multiuser address space facility such as IMS or CICS.

Mode

Authorizes the acid to specify a security mode (DORM, WARN, IMPL, FAIL) for acids in his administrative authority.

STC

Authorizes the acid to administer the Started Task Record Table.

Trace

Authorizes the acid to issue a diagnostic trace.