Turning HFSSEC OFF in CA Top Secret to return to native USS Securty


Article ID: 130513


Updated On:


CA Top Secret CA Top Secret - LDAP


We are planning to return to native UNIX file system security using the UNIX ACLs and Extended ACLs.

Is it simply changing HFSSEC from ON to OFF, or is there more to it than that simple change?

Are there any changes to ENF that have to be made in this effort? If there are multiple tasks to be done to switch back to Native UNIX security, is there a document that details the process? 


Component: TSSMVS


Disabling TSS HFSSEC security as simple as turning it off via HFSSEC(OFF). 

Before turning HFSSEC(OFF), it is recommend that USS native security definitions for your users are in place. 

Once TSS HFSSEC security is off, you will be at the mercy of USS security. 
DCM KO50DCM2 not only needed for HFS security to be active but for other features in TSS like CICS security. 

If you are using any of the features listed, then you shouldnt remove KO50DCM2 or they will stop functioning. 

It wont hurt to have KO50DCM2 installed and have HFSSEC(OFF) set.