CA 1 Flexible Storage

 View Only
Back to discussions
Expand all | Collapse all

Can profiles in Top Secret be defined so as to eliminate the need to enter a password (related to CTAPOPTN(TMOSEC00) values when accessing CA-1 via ISPF?

  • 1.  Can profiles in Top Secret be defined so as to eliminate the need to enter a password (related to CTAPOPTN(TMOSEC00) values when accessing CA-1 via ISPF?

    Posted Apr 27, 2017 11:48 AM

    Currently have the default three profiles.  The default coming in to CA-1 ISPF is USERINQ.  I'm looking for a way to allow for users that have access to PROFILE=SYSPROG to be able to access CA-1 ISPF without having to enter the Password, prior to selecting an option, when the authorized user is making updates.



  • 2.  Re: Can profiles in Top Secret be defined so as to eliminate the need to enter a password (related to CTAPOPTN(TMOSEC00) values when accessing CA-1 via ISPF?
    Best Answer

    Broadcom Employee
    Posted Apr 27, 2017 02:43 PM

    Hello,

     

    You can allow SYSPROG to be the default password if that is what you want to do. What we recommend is to have the user supply the password to verify they have the authority to make the changes. You don’t want just any user to enter SYSPROG as that can cause major issues. It’s more secure to supply the default password for USERINQ so certain users can only inquire if they didn’t supply the update password. For the people who need to have higher authority, they should have their own password beyond USERINQ to verify they are in fact the only users who can make changes. If you change the main password to SYSPROG, then any user can make changes whether they should or should not have access. If you have further questions, please open a ticket and we will assist you further.

     

    Thanks,



  • 3.  Re: Can profiles in Top Secret be defined so as to eliminate the need to enter a password (related to CTAPOPTN(TMOSEC00) values when accessing CA-1 via ISPF?

    Posted May 01, 2017 09:55 AM

    If you want to keep the default to be USERINQ for most people, you can use TMSXITS to change that to SYSPROG for specific USERIDs.  This means coding the exit to verify which user is trying to access the TMC and then changing the password/profile value to SYSPROG.  This is cumbersome to manage since it would have to be changed any time you add or remove a USERID from the list.  We do not recommend making the default ISPFDEF to be SYSPROG since it has more authority than most people would need.

    There is base code for TMSXITS in the CTAPSAMP library and there is a specific section in the code for changing the ISPF password/profile.



  • 4.  Re: Can profiles in Top Secret be defined so as to eliminate the need to enter a password (related to CTAPOPTN(TMOSEC00) values when accessing CA-1 via ISPF?

    Posted May 01, 2017 12:37 PM

    Carolyn,

    Thanks!  that could work.  I have very few users that would need SYSPROG access.  I think ultimately found what I was looking for in the USERUPD profile.  I have some more testing to do but I think that's going to give me everything I want (for day-to-day activity) and still provide the security I need at the dataset name level to keep users from updating production files. (Don't know how I missed that profile before.)

     

    Appreciate how helpful you always are!



  • 5.  Re: Can profiles in Top Secret be defined so as to eliminate the need to enter a password (related to CTAPOPTN(TMOSEC00) values when accessing CA-1 via ISPF?

    Posted May 01, 2017 02:00 PM

    You're welcome.   Let me know if you have further questions.

    Carolyn