HFSSEC(ON) and UID=0 and BPX.SUPERUSER
search cancel

HFSSEC(ON) and UID=0 and BPX.SUPERUSER

book

Article ID: 136061

calendar_today

Updated On:

Products

Top Secret Top Secret - LDAP

Issue/Introduction

We have HFSSEC(ON) and being questioned by auditors regarding entitlements "UID=0 and BPX.SUPERUSER" in our OMVS environment. 


Environment

Release :

Component : CA Top Secret for z/OS

Resolution

When you have HFSSEC(ON), Top Secret control directory access and will override UID(0) and BPX.SUPERUSER....BUT.......UID(0) and BPX.SUPERUSER is not just used for directory access in USS. There are USS commands and functions that require superuser authority. So, there will be instances that superuser authority will be needed, even though you have HFSSEC(ON). Dont recommend removing superuser authority until you validate that the user doesnt really need it based on what they are doing with their acid in USS.