© Copyright IBM Corp. 2000

Chapter 4. CA-Top Secret overview

This chapter briefly describes the Computer Associates CA-Top Secret security product.

4.1 The CA-Top Secret security philosophy

The way CA-Top Secret protects data sets (and all other resources) is sometimes referred to as “protection based on the user”. This means that, when deciding whether a user can access a certain data set, CA-Top Secret starts with the user ACcessor ID (ACID is the ID assigned to users), and then checks for the appropriate XA DATASET rules that are assigned specifically to that user.

By default, all resources (any component of the operating system required by a task) are not protected on a system with CA-Top Secret installed and active. You must set system-wide or resource-specific options to enable access to resources.

The four modes of operation in CA-Top Secret are:

• DORMANT - CA-Top Secret is installed and is not actively validating resources.
• WARN - CA-Top Secret is active, and validating resources, but instead of failing requests, it generates warning messages.
• IMPL - CA-Top Secret is active, validating resources, and failing unauthorized access requests. Undefined users can operate normally, but are restricted from defined resources.
• FAIL - CA-Top Secret is in full control of resources.

For example, for data sets, RACF has the PROTECTALL option with values of FAILURES and WARNING. These values help map the CA-Top Secret MODE parameter values (FAIL and WARN).

In CA-Top Secret, the data sets a user can access are determined by checking the XA DATASET rules related to that user. These rules are found in both the individual user ACID and any profile ACIDs the user belongs to.

There are three checking sequences, depending on which CA-Top Secret startup option is used. If AUTH(OVERRIDE,ALLOVER) is used (the more common one), then the checking sequence is:

1. Rules in the user ACID are checked. If a rule meets the criteria, no further checking is performed.
2. Rules in any profiles assigned to the user are checked, and each profile is checked in the order that it is listed in the user ACID. If a rule meets the criteria, no further checking is performed. If multiple accesses for a resource are located, access is granted or denied based on the access rule containing the most specific match.
3. Rules in the ALL record are checked.

Another checking sequence used by CA-Top Secret is AUTH(OVERRIDE,MERGE). It merges all the rules in the user profile and all profiles connected to the user, and then chooses the most appropriate one. An access decision is not made until the entire merged record is searched. If no match is found, the ALL record is
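
The two checking sequences described above, modeled in Python as an added example (not code from the original document or from CA-Top Secret). It assumes rules are data set name prefixes and that "most specific" means the longest matching prefix, and it leaves the ALL record out of the MERGE model because the text is cut off at that point; the `Permit` class, the function names and the sample rules are hypothetical.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Permit:
    prefix: str  # data set name prefix covered by the rule
    access: str  # access level granted, e.g. "READ", "UPDATE", "NONE"

def best_match(rules, dsn):
    """Most specific matching rule in one record (assumed: longest prefix)."""
    hits = [r for r in rules if dsn.startswith(r.prefix)]
    return max(hits, key=lambda r: len(r.prefix), default=None)

def check_allover(user_rules, profiles, all_record, dsn):
    """AUTH(OVERRIDE,ALLOVER): user ACID, then profiles in listed order,
    then the ALL record. The first record with a match ends the search."""
    for source, rules in [("user", user_rules), *profiles, ("ALL", all_record)]:
        hit = best_match(rules, dsn)
        if hit is not None:
            return source, hit.access
    return None, None

def check_merge(user_rules, profiles, dsn):
    """AUTH(OVERRIDE,MERGE): merge user and profile rules, search them all,
    then pick the most specific match. ALL record handling is not modeled."""
    merged = [(src, r) for src, rules in [("user", user_rules), *profiles]
              for r in rules]
    hits = [(src, r) for src, r in merged if dsn.startswith(r.prefix)]
    if not hits:
        return None, None
    src, rule = max(hits, key=lambda h: len(h[1].prefix))
    return src, rule.access

# Constructed sample rules (not from the source document).
USER_RULES = [Permit("PAYROLL.", "READ")]
PROFILES = [  # order as listed in the user ACID
    ("PAYCLERK", [Permit("PAYROLL.SALARY.", "NONE")]),
    ("DEVTEAM", [Permit("DEV.", "UPDATE")]),
]
ALL_RECORD = [Permit("SYS1.HELP", "READ")]

if __name__ == "__main__":
    for dsn in ("PAYROLL.SALARY.Y2000", "DEV.SOURCE", "SYS1.HELP"):
        print(dsn,
              "ALLOVER:", check_allover(USER_RULES, PROFILES, ALL_RECORD, dsn),
              "MERGE:", check_merge(USER_RULES, PROFILES, dsn))
```

For PAYROLL.SALARY.Y2000 the two sequences disagree: ALLOVER stops at the user ACID's broader rule, while MERGE selects the profile's narrower rule.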