Change SERVAUTH Resclass from NOMASK to MASK in Top Secret

book

Article ID: 130711

calendar_today

Updated On:

Products

CA Top Secret CA Top Secret - LDAP

Issue/Introduction

If the SERVAUTH resource is currently defined with NOMASK how can it be changed to allow MASKING? 

RESOURCE CLASS = SERVAUTH RESOURCE CODE = X'063' POSIT = 558 ATTRIBUTE=NOMASK,MAXOWN(08),MAXPERMIT(064),ACCESS,PRIVPGM ACCESS = NONE(0000),CONTROL(0400),UPDATE(6000),READ(4000) ACCESS = WRITE(2000),ALL(FFFF) DEFACC = READ
  

Environment

z/os

Resolution

Before changing the RESOURCE to MASKABLE all permits must be identified and revoked.
To find all permits to the SERVAUTH resource class issue:
TSS WHOHAS SERVAUTH(*)
Note: Keep a copy of these permits to easily re-permit them.

REVOKE all permits:
TSS REVOKE(acid) SERVAUTH(permit)

REMOVE OWNERSHIPS:
TSS REMOVE(owning acid) SERVAUTH(resource HLQ)

Once all the permits have been revoked and ownerships removed,  the RDT entry for SERVAUTH can be changed:
TSS REPL(RDT) RESCLASS(SERVAUTH) ATTR(MASK)

(RE-) OWN RESOURCES:
TSS ADD(owning acid) SERVAUTH(resource HLQ)

Re-permit all permits that were Revoked:
TSS PERMIT(acid) SERVAUTH(permit) ACCESS(access)