Security Access
The following information describes the security environment at NFC.
Security Software
System security at NFC is managed by CA TOP SECRET, a commercial access control package operated in an IBM Multiple Virtual Storage (MVS) environment. CA TOP SECRET provides protection for datasets, library programs, input/output devices, and most system resources. It also controls access to data processing resources and facilities through a three-step process as follows:
- CA TOP SECRET validates the user to determine if he/she is authorized to use DOTSE. The user’s logon access (user ID and password) is validated during the logon process.
- CA TOP SECRET confirms that the user is authorized to use the requested facility.
- CA TOP SECRET determines if the user is authorized to use the requested resources (e.g., datasets, programs, transactions, database subschemas, security access code (SAC), etc.).
Validation Process
To facilitate user access to NFC-maintained systems, significant interaction/interface among software packages is necessary to control access. This interaction is transparent to the user. The following steps occur during a sign-on to DOTSE.
- The user is prompted to enter his/her user ID and password.
- At the Application prompt, the user then types .
- CA TOP SECRET validates the user ID, password, and access authorization to DOTSE.
- Upon verification/validation of the user ID and password, the user is logged onto the NFC mainframe computer and into DOTSE.
- Integrated Database Management System (IDMS) security controls are then checked. The user must be established in the data dictionary (the user record name is the same as the Accessors ID (ACID) name) in order to proceed.
- The user is allowed to execute the DOTSE program that performs his/her assigned function, as long as his/her security access matches the program's requirement.
- The CA TOP SECRET profiles are used to determine if the user can access the subschema where the data is stored. The CA TOP SECRET user’s permissions are read to determine if access is allowed.
The SAC is used to verify whether access is to be granted to a particular record. The primary SAC entries are:
- SAC:DORPSSSSDDAAOOOO, where SSSS = PAYE or MANL, DD = department code, AA = agency code, and OOOO = personnel office identifier (POI)
- SAC:DOWPSSSSFF, where SSSS = PAYE or MANL and FF = function code: 01 = Inquiry, 02 = Recert, and 06 = MANLOG
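The SAC layouts above are fixed-width strings, so a resource check (the third step of the CA TOP SECRET process) comes down to parsing the code into its fields and comparing it against the codes in the user's permissions. The following parser and exact-match authorization check is an added example, not code from NFC or from CA TOP SECRET. It assumes department and agency codes are two alphanumeric characters, that the POI is four, that function codes are two digits, that only the values the page lists (PAYE/MANL; 01, 02, 06) are valid, and that a user's permission list is a plain set of SAC strings with no wildcarding; the sample permission set is constructed.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Values the page gives for the SSSS position and the FF function codes.
SYSTEMS = {"PAYE", "MANL"}
FUNCTIONS = {"01": "Inquiry", "02": "Recert", "06": "MANLOG"}

# SAC:DORP SSSS DD AA OOOO  (record access)   -- field widths assumed from the layout
RECORD_RE = re.compile(
    r"^SAC:DORP(?P<system>[A-Z]{4})(?P<dept>[A-Z0-9]{2})"
    r"(?P<agency>[A-Z0-9]{2})(?P<poi>[A-Z0-9]{4})$"
)
# SAC:DOWP SSSS FF           (function access)
FUNCTION_RE = re.compile(r"^SAC:DOWP(?P<system>[A-Z]{4})(?P<function>[0-9]{2})$")


@dataclass(frozen=True)
class Sac:
    """One parsed security access code. Frozen so it can live in a set."""
    kind: str                  # "record" for DORP, "function" for DOWP
    system: str                # PAYE or MANL
    dept: Optional[str] = None
    agency: Optional[str] = None
    poi: Optional[str] = None
    function: Optional[str] = None

    def function_name(self) -> Optional[str]:
        return FUNCTIONS.get(self.function) if self.function else None


def parse_sac(text: str) -> Sac:
    """Parse a SAC string; raise ValueError on anything that is not a known layout."""
    code = text.strip().upper()
    m = RECORD_RE.match(code)
    if m:
        if m["system"] not in SYSTEMS:
            raise ValueError(f"unknown system {m['system']!r} in {code}")
        return Sac("record", m["system"], m["dept"], m["agency"], m["poi"])
    m = FUNCTION_RE.match(code)
    if m:
        if m["system"] not in SYSTEMS:
            raise ValueError(f"unknown system {m['system']!r} in {code}")
        if m["function"] not in FUNCTIONS:   # assumption: codes not on the page are invalid
            raise ValueError(f"unknown function code {m['function']!r} in {code}")
        return Sac("function", m["system"], function=m["function"])
    raise ValueError(f"unrecognised SAC layout: {code}")


def record_sac(system: str, dept: str, agency: str, poi: str) -> str:
    """Build the DORP code for a record a user is trying to reach."""
    return f"SAC:DORP{system}{dept}{agency}{poi}".upper()


def is_authorized(granted: list, requested: str) -> bool:
    """Resource check: the requested SAC must appear in the user's permissions.

    Every granted code is parsed too, so a malformed entry in a profile fails
    loudly instead of silently never matching. Exact match only; no wildcards.
    """
    granted_set = {parse_sac(s) for s in granted}
    return parse_sac(requested) in granted_set


# Constructed sample profile: one record SAC and one function SAC.
SAMPLE_PROFILE = ["SAC:DORPPAYE1234AB01", "SAC:DOWPMANL06"]

if __name__ == "__main__":
    for s in SAMPLE_PROFILE:
        print(parse_sac(s))
    print(is_authorized(SAMPLE_PROFILE, record_sac("PAYE", "12", "34", "AB01")))  # True
    print(is_authorized(SAMPLE_PROFILE, record_sac("PAYE", "12", "34", "AB02")))  # False
```

Because `is_authorized` parses the profile entries as well as the request, a typo in a granted code (wrong width, an unlisted system) surfaces as an error when the profile is loaded rather than as a quiet denial that is hard to trace later.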