Creating and managing access control data
The access control system of the IBM® CCA Cryptographic Coprocessor Support Program defines the circumstances under which the coprocessor can be used. It does this by restricting the use of CCA commands.
For a list of these CCA commands, see the IBM CCA Basic Services Reference and Guide for the IBM 4767 and IBM 4765 PCIe Cryptographic Coprocessors. Also, see the "Required commands" section at the end of each verb description.
An administrator can give users differing authority so that some users can use CCA services not available to others. This section includes an overview of the access control system and instructions for managing your access control data. You need to know which commands are required and under what circumstances. Consider that some commands should be authorized only for trusted individuals or for certain programs that operate at specific times. Generally, you authorize only those commands that are required, so as not to inadvertently enable a capability that could be used to weaken the security of your installation.
You will obtain the information about command use from the documentation for the applications that you intend to support. For additional guidance, see the IBM CCA Basic Services Reference and Guide for the IBM 4767 and IBM 4765 PCIe Cryptographic Coprocessors.