Can you permit a CASECAUT resource to ADD or REMOVE a FACILITY from a user.

It appears that in R16, we can only

                TSS ADMIN(admin) FACILITY(ALL | facname1,…)

Release : 16.0

Component : CA Top Secret for z/OS

TSS administrative authority to authorize a user to TSS REMOVE or TSS ADD a FACILITY to an acid with the CASECAUT resource class cannot be controlled through authorization to CASECAUT.

The doc at the following link showed the following statement:

"The CASECAUT resource class enables users with no administrative authorities to change certain password-related fields and issue digital certificate, keyring, and token commands for users within their scope."

Please notice it doesn’t mention adding of FACILITYs.