Turning HFSSEC OFF in CA Top Secret to return to native USS Securty
Article ID: 130513
Updated On:
Products
Top Secret
Top Secret - LDAP
Issue/Introduction
We are planning to return to native UNIX file system security using the UNIX ACLs and Extended ACLs.
Is it simply changing HFSSEC from ON to OFF, or is there more to it than that simple change?
Are there any changes to ENF that have to be made in this effort? If there are multiple tasks to be done to switch back to Native UNIX security, is there a document that details the process?
Is it simply changing HFSSEC from ON to OFF, or is there more to it than that simple change?
Are there any changes to ENF that have to be made in this effort? If there are multiple tasks to be done to switch back to Native UNIX security, is there a document that details the process?
Environment
Release:
Component: TSSMVS
Component: TSSMVS
Resolution
Disabling TSS HFSSEC security as simple as turning it off via HFSSEC(OFF).
Before turning HFSSEC(OFF), it is recommend that USS native security definitions for your users are in place.
Once TSS HFSSEC security is off, you will be at the mercy of USS security.
DCM KO50DCM2 not only needed for HFS security to be active but for other features in TSS like CICS security.
If you are using any of the features listed, then you shouldnt remove KO50DCM2 or they will stop functioning.
It wont hurt to have KO50DCM2 installed and have HFSSEC(OFF) set.
Before turning HFSSEC(OFF), it is recommend that USS native security definitions for your users are in place.
Once TSS HFSSEC security is off, you will be at the mercy of USS security.
DCM KO50DCM2 not only needed for HFS security to be active but for other features in TSS like CICS security.
If you are using any of the features listed, then you shouldnt remove KO50DCM2 or they will stop functioning.
It wont hurt to have KO50DCM2 installed and have HFSSEC(OFF) set.
Feedback
Yes
No
Powered by
