Top Secret Commands Translation for z/OSMF on z/OS 2.2.


Article ID: 10467




Top Secret Top Secret - LDAP


  • This article has an attached file which contains the Top Secret commands to implement z/OSMF for z/OS 2.2.
  • The first lines at the top of the file RACF2TSS_ZOSMF22.txt (when you open it) are NOTES. Carefully review all these notes before executing any commands.
  • Every RACF command is kept as a comment, followed by one or more equivalent Top Secret commands.
  • The file translates the RACF commands to their Top Secret equivalents and adds some clauses needed to conform to Top Secret command syntax. The commands cannot be run as they appear in the file; you have to customize them to fit your local requirements. See the NOTES in the file.




  • Download the attached file  RACF2TSS_ZOSMF22.txt to your host.
  • Read the NOTES.
  • Make all necessary changes to fit your local requirements. IBM may also make some changes, depending on the release.
  • Some translations might be missing. However, the file gives many examples of translations that you can refer to when making your own.
  • When a digital certificate is generated, you may have to send it to a Certificate Authority to get it signed, validated, and added to the Top Secret database.
  • This is not specified within the file, because we only translate the RACF commands.

Additional Information

For more information about Top Secret commands, go to the link here. The NOTES have been copied below:


  • The #dept is one of your existing department ACIDs or has to be created. You have to replace #dept with a department of your choice.
  • With Top Secret, the GROUP ACID type is reserved to manage GID() only, so no permits can be made to a Top Secret GROUP. This is why you need to create a PROFILE type ACID to handle those permits.
  • You will see some additional lines containing '##'. These lines are commented out on purpose. You can ignore them, except for the lines that create a PROFILE. This PROFILE is likely used later on within this file.
  • Be very careful and review. You have to assess whether you want to apply the commands or not. You can change the profile name to fit your site's requirement. Be careful to do it on the entire file to keep the consistency.
  • With RACF, the keyring and the digital certificate are known by their label. With Top Secret, they are known by a Top Secret name. Review all the names given for consistency among the TSS commands to fit your site's requirements. For example:


    The Top Secret equivalent of this command is:

  • Whenever the label is referenced in a RACF command, A#KeyRg is used in the equivalent Top Secret command.
  • Some Top Secret commands are duplicates. Either delete the duplicate commands or leave them as they are and ignore the bad return code when they are executed.
  • All changes have to be done before executing these Top Secret commands.
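
The NOTES above can be turned into a pre-flight check on a customized copy of the file before anything is executed. The following is an added example, not part of this article or of RACF2TSS_ZOSMF22.txt. It assumes that executable lines start with `TSS`, that any other line is a comment, and that held lines contain `##`; the sample input and the ACID names in it are constructed.

```python
import re
from collections import defaultdict

# Constructed sample in the assumed layout; NOT the contents of RACF2TSS_ZOSMF22.txt.
SAMPLE = """\
/* CONNECT EXUSER GROUP(EXGROUP)   (RACF original kept as a comment) */
## TSS CREATE(EXPROF) TYPE(PROFILE) NAME('EXAMPLE PROFILE') DEPT(#dept)
TSS CREATE(EXUSER) TYPE(USER) NAME('EXAMPLE USER') DEPT(#dept)
TSS ADDTO(EXUSER) PROFILE(EXPROF)
TSS  ADDTO(EXUSER)   PROFILE(EXPROF)
TSS ADDTO(EXUSER) KEYRING(A#KeyRg) LABLRING(ExampleRing)
"""

def preflight(text):
    """Return line numbers of findings in a customized command file."""
    placeholders = []               # active commands still carrying #dept
    held_profiles = []              # '##' lines that create a PROFILE
    seen = defaultdict(list)        # normalized command -> line numbers
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if "##" in line:
            # Commented out on purpose, but PROFILE creation may be needed later.
            if re.search(r"TYPE\(PROFILE\)", line, re.IGNORECASE):
                held_profiles.append(lineno)
            continue
        if not line.upper().startswith("TSS "):
            continue                # assumption: anything else is a comment
        # Match only the #dept token: names such as A#KeyRg legitimately contain '#'.
        if re.search(r"#dept\b", line, re.IGNORECASE):
            placeholders.append(lineno)
        # Collapse whitespace only; case is kept because labels may be case-sensitive.
        seen[" ".join(line.split())].append(lineno)
    duplicates = {cmd: nums for cmd, nums in seen.items() if len(nums) > 1}
    return {"placeholders": placeholders,
            "held_profiles": held_profiles,
            "duplicates": duplicates}

if __name__ == "__main__":
    report = preflight(SAMPLE)
    print("Unreplaced #dept on lines:", report["placeholders"])
    print("Held PROFILE creation on lines:", report["held_profiles"])
    for cmd, nums in report["duplicates"].items():
        print("Duplicate on lines", nums, "->", cmd)
```
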

Attachments