Add TSS FACILITY controlled through CASECAUT
search cancel

Add TSS FACILITY controlled through CASECAUT


Article ID: 140329


Updated On:


Top Secret Top Secret - LDAP


Can you permit a CASECAUT resource to ADD or REMOVE a FACILITY from a user.

It appears that in R16, we can only

                TSS ADMIN(admin) FACILITY(ALL | facname1,…)



Release : 16.0

Component : CA Top Secret for z/OS


TSS administrative authority to authorize a user to TSS REMOVE or TSS ADD a FACILITY to an acid with the CASECAUT resource class cannot be controlled through authorization to CASECAUT.


The doc at the following link showed the following statement:


"The CASECAUT resource class enables users with no administrative authorities to change certain password-related fields and issue digital certificate, keyring, and token commands for users within their scope."


Please notice it doesn’t mention adding of FACILITYs.