Clarification For The Use Of TSSXTEND Utility.
search cancel

Clarification For The Use Of TSSXTEND Utility.

book

Article ID: 10215

calendar_today

Updated On:

Products

Top Secret Top Secret - LDAP

Issue/Introduction

 

- We are upgrading to from release 15 to release 16 in CA Top Secret Release 16 and have had to create all the Security Files, Audit File, recovery files, and VSAM files; we have not run the TSSXTEND utility to copy the security file or the VSAM files yet because the documentation has conflicting instructions: 

-1. We know that an SCA can be granted TSS PERMIT(user) CASECAUT(TSSUTILITY.TSSXTEND) ACCESS(USE) to use TSSXTEND, but the TSSXTEND information in the AAKOJCL0 states the user must be the MSCA? Which is true? 

-2. When creating the Security file do you have to define the MSCA if you are using the SAME MSCA name if you are copying from an old Security file? 

-3. When using TSSXTEND why does the NEWPWBLOCK show up in the JCL when it clearly states in the documentation that if you allocate(create) a new security file and/or use TSSXTEND from release 15 or 16 that this parameter is default.

Why is it in the documentation if it is default on release 15 and 16? 




Environment

z/OS

Resolution

Q1. We know that an SCA can be granted TSS PERMIT(user) CASECAUT(TSSUTILITY.TSSXTEND) ACCESS(USE) to use TSSXTEND, but the TSSXTEND information in the AAKOJCL0 states the user must be the MSCA? Which is true? 

A1. If an SCA is granted to CASECAUT(TSSUTILITY.TSSXTEND) ACCESS(USE), he will be able to run the TSSXTEND to copy security file. So, this statement is no longer valid in that case. But running it with the MSCA still works hopefully. 

Q2. When creating the Security file do you have to define the MSCA if you are using the SAME MSCA name if you are copying from an old Security file??? 

A2. The SCA= parameter in the CAKOJCL0(SECPARMS) can be omitted. 

Q3. When using TSSXTEND why does the NEWPWBLOCK show up in the JCL when it clearly states in the documentation that if you allocate(create) a new security file and/or use TSSXTEND from release 15 or 16 that this parameter is default. 
Why does is it in the documentation if it is default on release 15 and 16? 

A3. Yes, the NEWPWBLOCK can be omitted, it's now the default. But, leaving it as it is, still works.

Additional Information

 

- If you wish to have more information about CA Top Secret TSSXTEND utility go to link:

 

https://docops.ca.com/ca-top-secret-for-z-os/16-0/en/search?q=tssxtend&max=10&key=CTSFZ164

 

Powered by Wolken Software