Security

This section explains CA View internal and external security, including types of resources that are protected, levels of access, and how to implement external security for CA Top Secret, CA ACF2, and IBM's RACF.
The SARSTC started task uses the SAPI interface to collect and delete SYSOUTs and JESDS that meet the request criteria of CA View for data from the JES spool. SARSTC requires the appropriate access level to the JES spool's security profiles to perform these actions. 
The SARFSS started task uses security bypass to access datasets in the JES spool. If the SARFSS security bypass is disabled with the
BYPASS=NO
startup parameter, then in order to perform actions that involve collecting datasets from the JES spool, SARFSS requires the same access level as SARSTC to the JES spool security profiles.
CA View requires UPDATE authority to:
  • Access the database to save user profile information, such as last access date, current access mode
  • Retain access information, such as the last time the report was browsed
  • If the SARINIT EXPRESS parameter specifies a corresponding CA Deliver database, CA View users need READ authority for the CA Deliver database
For SARXMS, UPDATE access to the database is based on the ACID associated with the SARXMS task, not the SARXMS online user.
The SARXMS user also requires UPDATE access to the database to perform these actions:
  • Use batch facilities, such as batch prints and loads from tape
  • Access CA View through online services other than SARXMS 
After the users gain access, their authority to perform online functions is controlled by the security rules associated with the SECURITY and SECLIST initialization parameter settings.
In addition, you can secure CA View database data sets from being accessed by other applications by using the SARXTD system extensions.
By turning on the dataset security option in SARXTD you can secure CA View data sets so that only CA View utilities can have access. All other utilities fail if they try to access a data set with the HLQ specified in the SARXTD parameters.