Access Rights Associated with CANDE

With the exception of CANDE control capability, the access capabilities associated with CANDE are of a restrictive nature. That is, certain CANDE network control commands can act to restrict the access privileges of a station; they cannot confer additional access privileges.

CANDE Control Station

A CANDE control station is one authorized for entry of CANDE network control commands.

Any of the following conditions make a station a CANDE control station:

  • An existing CANDE control station makes the station a CANDE control station.

  • The usercode or station is control-capable in Transaction Server, the CANDE option NOCOMSCTRL is FALSE, and the security option CLASS value is U.

  • CANDECONTROL is designated for the usercode in the USERDATAFILE.

Also, the ODT using the SM (Send to MCS) system command is treated as a CANDE control station.

Because CANDE control commands can reconfigure the CANDE network, limit access to them to trusted users only.

CANDE ?OP Command Options

Table 27 describes the options of the ?OP command.

Table 27. CANDE ?OP Command Options

Command Option / Function

NOCOMSCTRL

By default, stations with Transaction Server control-capable status automatically acquire CANDE control-station status as well.

When you specify NOCOMSCTRL, stations do not inherit CANDE control-station status simply because they are marked as control-capable in Transaction Server.

A station can still be made a CANDE control station by

  • Making the value of the SPO station attribute TRUE

  • Making the station a CANDE control station from an existing CANDE control station

  • Designating CANDECONTROL in the USERDATAFILE for the usercode of the station user

If the CLASS security option is set to S0, S1, or S2, CANDE acts as if the NOCOMSCTRL option were specified. Changing the value of the option has no effect.

SECALL

This option denies users privileged-user status, regardless of whether they are marked as privileged users in the USERDATAFILE. When you specify the SECALL option, a user logged on to CANDE is recognized as a privileged user only if all the following conditions are true:

  • The user is on a Transaction Server window.

  • The Transaction Server station is configured in Transaction Server as having privileged access (privileged-user station).

  • The CANDE option USECOMSPRIV is specified.

  • The user's usercode is marked as privileged (PU) in the USERDATAFILE.

SECDIALIN

This option regulates privileged-user status on dial-in stations. When you specify the SECDIALIN option, no user of a dial-in station has privileged-user status, even if he or she is logged on under a usercode marked as privileged in the USERDATAFILE.

SECPSEUDO

This option denies users of pseudo-stations privileged-user status, regardless of whether they are marked as privileged users in the USERDATAFILE. When you specify the SECPSEUDO option, a user of a pseudo-station has privileged-user status only when all the following conditions are true:

  • The user is on a Transaction Server window.

  • The Transaction Server station is configured in Transaction Server as having privileged access (privileged-user station).

  • USECOMSPRIV is specified.

  • The user's usercode is marked as privileged in the USERDATAFILE.

USECOMSPRIV

This option enables you to permit exceptions to the effects of the SECALL or SECPSEUDO options, or both. When you specify the USECOMSPRIV option, CANDE uses the Transaction Server station configuration setting to determine whether users of a Transaction Server window to CANDE have privileged-user or security-administrator status.

If USECOMSPRIV is specified and if a station is designated in Transaction Server as having privileged access, a user who is logged on at the station and who is marked as a privileged user in the USERDATAFILE has privileged-user status, even if the SECALL or SECPSEUDO option is designated.
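
The rules in Table 27 and the control-station conditions listed earlier can be evaluated together to review the effective status of a set of sessions. The following Python is an added example, not part of the original documentation or of CANDE itself; the Options and Session records and their field names are hypothetical, security-administrator status is not modeled, and the case the text does not spell out (USECOMSPRIV set without SECALL or SECPSEUDO) is assumed to leave the USERDATAFILE marking in effect.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Options:                      # CANDE ?OP options plus the security option CLASS
    nocomsctrl: bool = False
    secall: bool = False
    secdialin: bool = False
    secpseudo: bool = False
    usecomspriv: bool = False
    sec_class: str = "U"            # "U", "S0", "S1" or "S2"

@dataclass(frozen=True)
class Session:                      # hypothetical record of one user and station
    pu: bool = False                # usercode marked PU in the USERDATAFILE
    candecontrol: bool = False      # CANDECONTROL designated for the usercode
    ts_window: bool = False         # user is on a Transaction Server window
    ts_privileged: bool = False     # TS station configured with privileged access
    ts_control: bool = False        # control-capable in Transaction Server
    dial_in: bool = False
    pseudo: bool = False
    spo: bool = False               # SPO station attribute is TRUE
    granted: bool = False           # made control by an existing control station

def is_privileged(o, s):
    if not s.pu:
        return False                # the options restrict; they never confer
    if o.secdialin and s.dial_in:
        return False                # the text gives no exception for dial-in
    if o.secall or (o.secpseudo and s.pseudo):
        # Only the USECOMSPRIV exception restores privileged-user status.
        return o.usecomspriv and s.ts_window and s.ts_privileged
    return True                     # assumption: otherwise the PU marking stands

def is_control_station(o, s):       # TS inheritance needs NOCOMSCTRL FALSE, CLASS U
    if s.granted or s.candecontrol or s.spo:
        return True
    return s.ts_control and not o.nocomsctrl and o.sec_class == "U"

def audit(o, sessions):             # name -> (control station?, privileged user?)
    return {n: (is_control_station(o, s), is_privileged(o, s))
            for n, s in sessions.items()}

# Constructed sample sessions, not taken from any real configuration.
SAMPLE = {
    "ts_admin": Session(pu=True, ts_window=True, ts_privileged=True, ts_control=True),
    "direct_pu": Session(pu=True),
    "dialin_pu": Session(pu=True, dial_in=True, ts_window=True, ts_privileged=True),
    "operator": Session(candecontrol=True),
}
```

Calling audit(Options(secall=True, usecomspriv=True), SAMPLE) shows that the directly connected PU usercode loses privileged-user status while the user on a privileged Transaction Server station keeps it.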


CANDE Security Messages Access (CANDE Log Station)

A CANDE log station:

  • Is defined by using the CANDE network control command ?LGSTA.

  • Receives CANDE logging information, including

    • Log-ons and log-offs

    • Beginnings and endings of tasks

    • Security violations

To define which types of events are reported at log stations, specify the chosen options in the ?LGSTA command. Options of interest to a security administrator might include LGON (log-ons), LGOFF (log-offs), and LGSECURE (security violations).

For example, to enable station TDS5203HB as a log station that receives log-on, log-off, and security-violation messages, enter

?LGSTA TDS5203HB: LGON, LGOFF, LGSECURE

To end the log-station status of TDS5203HB, enter

?DSLGSTA TDS5203HB

The ?LGSTA and ?DSLGSTA commands must be entered at a CANDE control station.

Suggestions

CANDE control status enables the user to monitor and regulate the CANDE MCS and the activities of its users. Grant such status only to trusted individuals who require those capabilities.

Because the CANDE network options that have been described do not confer access rights, but only confirm or deny a user's existing access capabilities, the setting of these options is left to the discretion of the security administrator. However, to minimize the possibility of unintentional discrepancies between the CANDE and Transaction Server station options for sites that use Transaction Server, you might choose to use the SECALL and USECOMSPRIV options.