Creating Top Secret Facility Classes

The platform server uses Top Secret facility classes to determine whether a user is authorized to perform certain platform server maintenance functions.

1. Create the REXX/ISPF inquiry and profile facility under CA-Top Secret.
   The GLOBAL BOSSID parameter, which is defined in GLOBAL Startup Parameters, defines a facility class that is used for authorization checking for:

   • The REXX/ISPF interface
   • The user profile

   If BOSSID=$FUSION:

   • To define this facility under Top Secret, you can use the following command:

     TSS ADD(TSSUSER) IBMFAC($FUSION)

   • To make a user a platform server ISPF/REXX administrator, you must give them READ authorization to the profile by using the following command:

     TSS PER(userid) IBMFAC($FUSION) ACCESS(READ)

   • To make a user a platform server profile administrator, you must give them CONTROL authorization to the profile by using the following command:

     TSS PER(userid) IBMFAC($FUSION) ACCESS(CONTROL)

   For more information, see TIBCO Managed File Transfer Platform Server for z/OS User's Guide.

2. (Optional) Create a Read Only REXX/ISPF inquiry and profile facility.
   In addition to the processing defined in step 1, you can define an additional facility class to permit ISPF users to view but not update transfer requests. This facility adds the suffix .READ to the GLOBAL BOSSID parameter. When a TSO user has READ access to this facility class, the user can perform the following functions:

   • View all transfers.
   • Update only transfers where the transfer local user ID matches their TSO user ID.

   If BOSSID=$FUSION:

   • To define this facility under Top Secret, you can use the following command:

     TSS ADD(TSSUSER) IBMFAC($FUSION.READ)

   • To make a user a platform server ISPF/REXX administrator, you must give them READ authorization to the previous facility by using the following command:

     TSS PER(userid) IBMFAC($FUSION.READ) ACCESS(READ)

   At this point, the platform server will also check facility class $FUSION.READ. If a user has access to this facility class, then the user can read but not update transfer requests.

   Note: The .READ facility class is only checked if the user does not have access to the facility class defined by the BOSSID parameter.
3. Create the Command Center facility classes.

   Four GLOBAL parameters define the names of the facility classes that are used to determine if a user is authorized for Command Center functions. See the following values defined in the GLOBAL member of the platform server SAMPLIB. For more information, see GLOBAL Startup Parameters.

   CCC_BROWSE_FACILITY=$CCC.BROWSE
   CCC_ALTER_FACILITY=$CCC.ALTER
   CCC_ADMIN_FACILITY=$CCC.ADMIN
   CCC_TRANSFER_FACILITY=$CCC.TRANSFER

   To define these facilities under Top Secret, you can use the following Top Secret commands:

   TSS ADD(TSSUSER) IBMFAC($CCC.BROWSE)
   TSS ADD(TSSUSER) IBMFAC($CCC.ALTER)
   TSS ADD(TSSUSER) IBMFAC($CCC.ADMIN)
   TSS ADD(TSSUSER) IBMFAC($CCC.TRANSFER)

   • To make a Command Center user authorized for all Command Center functions, you must give them READ authorization to the facility defined by the CCC_ADMIN_FACILITY parameter as follows:

     TSS PER(userid) IBMFAC($CCC.ADMIN) ACCESS(READ)

   • To make a Command Center user authorized for inquiry on completed transfers, you must give them READ authorization to the facility defined by the CCC_BROWSE_FACILITY parameter as follows:

     TSS PER(userid) IBMFAC($CCC.BROWSE) ACCESS(READ)

   • To make a Command Center user authorized for altering transfers on the platform server queue, you must give them READ authorization to the facility defined by the CCC_ALTER_FACILITY parameter as follows:

     TSS PER(userid) IBMFAC($CCC.ALTER) ACCESS(READ)

   • To make a Command Center user authorized for initiating transfers, you must give them READ authorization to the facility defined by the CCC_TRANSFER_FACILITY parameter as follows:

     TSS PER(userid) IBMFAC($CCC.TRANSFER) ACCESS(READ)