For more information about Top Secret commands, go to the link here. The NOTES have been copied below:
- The #dept is one of your existing department ACIDs or has to be created. You have to replace #dept with a department of your choice.
- With Top Secret, the type GROUP ACID is reserved to manage GID() only. So, no permits can be done to a Top Secret GROUP. This is why you need to create a type PROFILE ACID to handle those permits.
- You will see some additional lines with '##' in there. These lines are commented out on purpose. You can ignore it, except for the lines that create a PROFILE. This PROFILE is likely used later on within this file.
- Be very careful and review. You have to assess whether you want to apply the commands or not. You can change the profile name to fit your site's requirement. Be careful to do it on the entire file to keep the consistency.
- With RACF, the keyring and the digital certificate are known by their label. With Top Secret, they are known by a Top Secret name. Review all the names given for consistency among the TSS commands to fit your site's requirements. For example:
RACDCERT ADDRING(IZUKeyring.IZUDFLT) ID(IZUSVR)
The Top Secret equivalent of this command is:
TSS ADD(IZUSVR) KEYRING(A#KeyRg) LABLRING(IZUKeyring.IZUDFLT)
- Whenever the label is referenced in a RACF command, A#KeyRg is use in the equivalent Top Secret command.
- Some Top Secret commands are duplicates. Either delete the duplicate commands or leave them as they are and ignore the bad return code when they are executed.
- All changes have to be done before executing these Top Secret commands.