Master ACID owning generic resources
search cancel

Master ACID owning generic resources


Article ID: 133699


Updated On:


Top Secret Top Secret - LDAP


Can you point me to the documentation concerning what happens when the Master ACID owns a generic resource like MQQUEUE(**)?   I


Release :

Component : CA Top Secret for z/OS


There really isnt any specific in the doc that talks specifically about MSCA ownership. Top Secret is an open security package which means only those resources defined to the security file will be protected. If the resource is not defined to TSS, then it will not be protected by TSS and users will have unrestricted access to it. To define a resource to Top Secret, you have to 'own' the resource. This is where ownership comes in. 





The above command tells TSS that program is protected now and if a user wants to access it, the user must have a PERMIT for it:



 TSS PERMIT(MARY) PROGRAM(ABCD) ACC(ALL) Any acid can be the owner, but best practices are: 


1. Very broad ownerships are owned by the MSCA like MQCMD(**), PROGRAM(**), VOLUME(*ALL*(G)) 

2. Other regular ownerships should be give to depart type acids. Must site create special dept type acids to own the various resource types. 



 Create an department type acid called 'PROGS' to own all the programs you want secured by TSS. 'CICSTRAN' department acid to own all CICS transactions. 'FILES' department acid to own all files and datasets....etc... The owning acids can be anything, but I suggest you use a meaningful name.