Security

This section explains the CA View security features including:
view140
This section explains the CA View security features including:
  • Internal security
  • External security
    • Types of resources protected
    • Levels of security access
    • How to implement external security for CA Top Secret, CA ACF2, and IBM's RACF
The SARSTC started task uses the SAPI interface to collect and delete SYSOUTs and JESDS that meet the request criteria of CA View for data from the JES spool. SARSTC requires the appropriate access level to the JES spool's security profiles to perform these actions.
The SARFSS started task uses security bypass to access datasets in the JES spool. If the SARFSS security bypass is disabled with the
BYPASS=NO
startup parameter, then in order to perform actions that involve collecting datasets from the JES spool, SARFSS requires the same access level as SARSTC to the JES spool security profiles.
For spool datasets that are encrypted with JES2 Spool encryption, the CA View started task, the CA Deliver started task, and the SARFSS collector task require read access to the encryption keys. Without read access to the encryption keys, the SARFSS collector task does not collect the required datasets, the CA View started task terminates with error messages from the security product, and the CA Deliver started task terminates with user abend code U0003, with the result that the collected datasets are not archived.
CA View requires UPDATE authority to:
  • Access the database to save user profile information, such as last access date, current access mode
  • Retain access information, such as the last time the report was browsed
  • If the SARINIT EXPRESS parameter specifies a corresponding CA Deliver database, CA View users need READ authority for the CA Deliver database
For SARXMS, UPDATE access to the database is based on the ACID associated with the SARXMS task, not the SARXMS online user.
The SARXMS user also requires UPDATE access to the database to perform these actions:
  • Use batch facilities, such as batch prints and loads from tape
  • Access CA View through online services other than SARXMS
After the users gain access, their authority to perform online functions is controlled by the security rules associated with the SECURITY and SECLIST initialization parameter settings.
In addition, you can secure CA View database data sets from being accessed by other applications by using the SARXTD system extensions.
By turning on the dataset security option in SARXTD you can secure CA View data sets so that only CA View utilities can have access. All other utilities fail if they try to access a data set with the HLQ specified in the SARXTD parameters.