Release :

Component : CA Top Secret for z/OS

There really isnt any specific in the doc that talks specifically about MSCA ownership. Top Secret is an open security package which means only those resources defined to the security file will be protected. If the resource is not defined to TSS, then it will not be protected by TSS and users will have unrestricted access to it. To define a resource to Top Secret, you have to 'own' the resource. This is where ownership comes in. 

Example: 

 TSS ADD(JOE) PROGRAM(ABCD) 

The above command tells TSS that program is protected now and if a user wants to access it, the user must have a PERMIT for it:

Example: 

 TSS PERMIT(MARY) PROGRAM(ABCD) ACC(ALL) Any acid can be the owner, but best practices are: 

1. Very broad ownerships are owned by the MSCA like MQCMD(**), PROGRAM(**), VOLUME(*ALL*(G)) 

2. Other regular ownerships should be give to depart type acids. Must site create special dept type acids to own the various resource types. 

Example: 

 Create an department type acid called 'PROGS' to own all the programs you want secured by TSS. 'CICSTRAN' department acid to own all CICS transactions. 'FILES' department acid to own all files and datasets....etc... The owning acids can be anything, but I suggest you use a meaningful name.