Problem:
How do you define MFA server to Top Secret?
Resolution:
Inappropriate attributes may result in unintended exposures. It is the customers responsibility to determine the appropriate attributes for their site.
MFA server started task must run under an ACID which has a MasterFacility with the appropriate attributes. To create the Master Facility called MFAD:
TSS MODIFY(FACILITY(USER15=NAME=MFAD))
TSS MODIFY(FACILITY(MFAD=MODE=FAIL))
TSS MODIFY(FACILITY(MFAD=MULTIUSER))
To display MFAD with all its attributes:
TSS MODIFY(FACILITY(MFAD))
which gives this display:
TSS9550I FACILITY DISPLAY FOR MFAD
TSS9551I INITPGM=*** ID=15 TYPE=099
TSS9552I ATTRIBUTES=IN-USE,ACTIVE,SHRPRF,ASUBM,NOABEND,MULTIUSER,NOXDEF
TSS9552I ATTRIBUTES=LUMSG,STMSG,SIGN(M),INSTDATA,RNDPW,AUTHINIT
TSS9552I ATTRIBUTES=NOPROMPT,NOAUDIT,RES,WARNPW,NOTSOC,LCFTRANS
TSS9552I ATTRIBUTES=MSGLC,NOTRACE,NOEODINIT,IJU,NODORMPW,NONPWR,NOIMSXTND
TSS9553I MODE=FAIL DOWN=GLOBAL LOGGING=ACCESS,INIT
TSS9554I UIDACID=8 LOCKTIME=000 DEFACID=*NONE* KEY=8
TSS9566I MAXUSER=03000 PRFT=003
CREATE an ACID with the FACILITY set up above associated as its MASTER FACILITY. Here we are calling the ACID MFAD as well as the FACILITY:
TSS CREATE(MFAD) TYPE(USER) NAME(MICRO FOCUS MFA) -
DEP(dept_name) FACILITY(STC) PASSWORD(NOPW,0) MASTFAC(MFAD)
ADD Micro Focus MFA server's procedure name to the TopSecret 'started task table' (TopSecret's "STC" ACID), associating the ACID just created above with this entry. In this example, the proc name is MFAD, like the ACID and FACILITY names:
TSS ADD(STC) PROCNAME(MFAD) ACID(MFAD)
For a user to have access, update either individual user's ACIDs or a PROFILE ACID PERMITted only to users to be given access to Microfocus Mainframe Access. In this example, PROFILE ACID MFAccess is PERMITted to only those programmers to whom we want to restrict access
to Micro Focus MFA, so this one update will PERMIT all our programmers:
TSS ADD(MFAccess) FAC(MFAD)
#MFDS
#EnterpriseDeveloper