Allow Top Secret Password Phrases For MVS Console Signons

book

Article ID: 140924

calendar_today

Updated On:

Products

CA Top Secret

Issue/Introduction

According to IBM APAR OA54790, to allow password phrases for console logons, a RACF profile MVS.CONSOLE.PASSWORDPHRASE.CHECK is required for passphrase enablement on consoles. What needs to be done in Top Secret?

Environment

Release : 16.0

Component : CA Top Secret for z/OS

Resolution

The OPERCMDS(MVS.CONSOLE.PASSWORDPHRASE.CHECK) resource needs to be owned and permitted in Top Secret.

TSS ADD(dept) OPERCMDS(MVS.CONSOLE.PASSWORDPHRASE)   (if not already done. NOTE: The OPERCMDS resource only allows up to 26 characters in the resource name, which is why the command above is for MVS.CONSOLE.PASSWORDPHRASE and not MVS.CONSOLE.PASSWORDPHRASE).CHECK.)

TSS PER(acid) OPERCMDS(MVS.CONSOLE.PASSWORDPHRASE.CHECK) ACC(ALL)

where 

'dept' is the department ACID to own the resource

'acid' is the user's ACID, an attached profile, or the ALL record if all users should be allowed to use password phrases for console logons.