List Data MFA Admin Combined With *ALL* Anomaly
Article ID: 115543
Updated On:
Products
Top Secret
Top Secret - LDAP
Issue/Introduction
Why is MFA displayed in USER1 but not in USER2?
TSS ADD(xxx) ADMIN(MFA) has never been done. After upgrading to Top Secret R16 from R15 the following anomaly is seen when listing 2 DCA ACIDs:
User1
TYPE = DEPT C/A
----------- ADMINISTRATION AUTHORITIES
ACID = INFO
LIST DATA = *ALL*,MFA
User2
TYPE = DEPT C/A
----------- ADMINISTRATION AUTHORITIES
ACID = INFO
LIST DATA = *ALL*
DATA(ALL) allows an administrator to list everything except PASSWORD, SESSKEY, and PROFILE contents. If ALL implies MFA, why is MFA displayed in USER1 but not in USER2?
What options are there to resolve this anomaly?
TSS ADD(xxx) ADMIN(MFA) has never been done. After upgrading to Top Secret R16 from R15 the following anomaly is seen when listing 2 DCA ACIDs:
User1
TYPE = DEPT C/A
----------- ADMINISTRATION AUTHORITIES
ACID = INFO
LIST DATA = *ALL*,MFA
User2
TYPE = DEPT C/A
----------- ADMINISTRATION AUTHORITIES
ACID = INFO
LIST DATA = *ALL*
DATA(ALL) allows an administrator to list everything except PASSWORD, SESSKEY, and PROFILE contents. If ALL implies MFA, why is MFA displayed in USER1 but not in USER2?
What options are there to resolve this anomaly?
Environment
z/os
Resolution
For the DATA(MFA) suddenly showing up, there are 2 options:
1) Manually remove MFA admin authority: TSS DEADMIN(acid) DATA(MFA).
2) If never intend to use MFA, you could leave alone.
The root cause of the problem is the bit value now being used for MFA was used for the Top Secret/PC product (1992) prior to Top Secret R9 and was the bit value included DATA(ALL) admin permission.
1) Manually remove MFA admin authority: TSS DEADMIN(acid) DATA(MFA).
2) If never intend to use MFA, you could leave alone.
The root cause of the problem is the bit value now being used for MFA was used for the Top Secret/PC product (1992) prior to Top Secret R9 and was the bit value included DATA(ALL) admin permission.
Feedback
Yes
No
Powered by
