Add TSS FACILITY controlled through CASECAUT

book

Article ID: 140329

calendar_today

Updated On:

Products

CA Top Secret CA Top Secret - LDAP

Issue/Introduction

Can you permit a CASECAUT resource to ADD or REMOVE a FACILITY from a user.

It appears that in R16, we can only

                TSS ADMIN(admin) FACILITY(ALL | facname1,…)

 

Environment

Release : 16.0

Component : CA Top Secret for z/OS

Resolution

TSS administrative authority to authorize a user to TSS REMOVE or TSS ADD a FACILITY to an acid with the CASECAUT resource class cannot be controlled through authorization to CASECAUT.

 

The doc at the following link showed the following statement:

 

"The CASECAUT resource class enables users with no administrative authorities to change certain password-related fields and issue digital certificate, keyring, and token commands for users within their scope."

   

Please notice it doesn’t mention adding of FACILITYs.