CA TLMS

Expand all | Collapse all

What are the proper CA-Top Secret access for the TLMS Started Task?

Jump to Best Answer
  • 1.  What are the proper CA-Top Secret access for the TLMS Started Task?

    Posted 05-04-2017 11:10 AM

    Due to audit findings we need to limit the access of the BYPASS attributes and used of DSN(***). The TLMS started tasks needs access to all tape datasets. What are the proper permissions to the TLMS Started Task?

     

    If the solution is to permit DSN(***) ACCESS(ALL) or NODSNCHK, we'll need some offical supporting documentation for the Auditors. 



  • 2.  Re: What are the proper CA-Top Secret access for the TLMS Started Task?
    Best Answer

    Broadcom Employee
    Posted 05-04-2017 01:36 PM

    CTS does the actual scratching and uncataloging of DSN from CATTRS and online updates. CTS/TLMS address space use to have create/delete authority to all data sets and update authority all catalogs containing the tape data sets to allow the uncataloging of datasets when a volume is scratched.    

     

    z/OS catalog management changed the way in which an entry is deleted from the OS/Catalog:

    “To delete entries in a catalog, users need either ALTER authority to the data set or ALTER authority to the catalog.         UPDATE is not sufficient for deleting (un-cataloging) a catalog entry. “

                                

                                                                     

    The CTS STC must have ALTER authority to the OS/Catalog(s). 

               

    1). Define  CTS into the started task table with unique ID(CTS).     

     

    2A). Update TSS to allow this userid(CTS) to have ALTER                   

    authority to the OS user cats.

     

    OR                                      

     

    2B). Give CTS OPERATOR authority. 

     

    I would recommend using the 2A method in-place of giving OPER authority.                                   

    This will keep the OS Catalog in-sync with TLMS.     

    Let me know if you any other questions on this..

    Thanks

    Bob Van Horn