Unable to Create a TSS account when Division is used
search cancel

Unable to Create a TSS account when Division is used

book

Article ID: 140012

calendar_today

Updated On:

Products

LDAP SERVER FOR Z/OS CA Identity Manager Top Secret

Issue/Introduction

Creating a TYPE(USER) and TYPE(PROFILE) ACIDs in a DIVISION rather than in a DEPARTMENT. When using the following commands:

TSS CREATE(useracid) TYPE(USER) NAME('xxx') PASSWORD(xxx) DIV(divacid) or TSS CREATE(profileacid) TYPE(PROFILE) NAME('xxx') DIV(divacid) 

the following error messages are received:

TSS0299E DIVISION KEYWORD ILLEGAL FOR FUNCTION 

 

Environment

Identity Manager 14.x

Resolution

Put the USER or PROFILE type acid in a DEPARTMENT, when it is created.

Example:

TSS CREATE(useracid) TYPE(USER) NAME('user acid') PASSWORD(xxx) DEPT(deptacid) or TSS CREATE(profacid) TYPE(PROFILE) NAME('profile acid') DEPT(deptacid) 

The DEPARTMENT can then be put into any DIVISION using the following command:

TSS MOVE(deptacid) DIV(divisionacid) 

If creating a DEPARTMENT type ACID (TYPE(DEPT) ), specify the DIVISION on the TSS CREATE command to put that DEPARTMENT into that DIVISION.

Example:

TSS CREATE(deptacid) TYPE(DEPT) DIVISION(divisionacid) NAME('division name') 
In Identity Manager's account template, make sure to utilize Department instead of Division

Additional Information

Please refer to the CA Top Secret Command Functions Guide for more details about TSS CREATE, TSS MOVE, TYPE, DIVISION, DEPT and NAME.