According to IBM APAR OA54790, to allow password phrases for console logons, a RACF profile MVS.CONSOLE.PASSWORDPHRASE.CHECK is required for passphrase enablement on consoles. What needs to be done in Top Secret?

Release : 16.0

Component : CA Top Secret for z/OS

The OPERCMDS(MVS.CONSOLE.PASSWORDPHRASE.CHECK) resource needs to be owned and permitted in Top Secret.

TSS ADD(dept) OPERCMDS(MVS.CONSOLE.PASSWORDPHRASE)   (if not already done. NOTE: The OPERCMDS resource only allows up to 26 characters in the resource name, which is why the command above is for MVS.CONSOLE.PASSWORDPHRASE and not MVS.CONSOLE.PASSWORDPHRASE).CHECK.)

TSS PER(acid) OPERCMDS(MVS.CONSOLE.PASSWORDPHRASE.CHECK) ACC(ALL)

where 

'dept' is the department ACID to own the resource

'acid' is the user's ACID, an attached profile, or the ALL record if all users should be allowed to use password phrases for console logons.