Restrict READ Access To Top Secret Security File When Accessing Via LDAP



Article ID: 18169


Updated On:

Products

Top Secret, Top Secret - LDAP

Issue/Introduction

Can you restrict READ only access to the Top Secret security file when accessing it through LDAP?

Environment

Release:
Component: LDAPDV

Resolution

Changes to ACIDs on the Top Secret security file do not require a permit for UPDATE access to the security file data set, nor does listing an ACID's information require a permit for READ access to that data set. Instead, the administrator's Top Secret administrative authorities determine whether that administrator may change an ACID or list information from the security file.

LDAP requests sent to the Top Secret LDAP interface are translated into TSS commands and passed to Top Secret, which retrieves or updates the information on the security file. The ability to read or update the security file through LDAP therefore depends entirely on the administrator's Top Secret administrative authorities. If those authorities do not allow the administrator to update an ACID on the security file in Top Secret, the administrator cannot update that ACID through LDAP either. The same holds for listing information from the security file.

So, if the user is only allowed to read and not update the security file in Top Secret, the user will also only be allowed to read and not update when going through LDAP.

Whatever administrative authorities the administrator has in Top Secret are EXACTLY the authorities that administrator has when going through LDAP. If you can do it with a TSS command, you can do it through LDAP; if you cannot do it with a TSS command, you cannot do it through LDAP either. Some examples of Top Secret administrative authorities are:

TSS ADMIN(acid) MISC8(PWMAINT) allows a user to reset passwords and remove suspensions.

TSS ADMIN(acid) RESOURCE(REPORT) allows the administrator to obtain reports for all resources using TSSUTIL, TSSAUDIT, TSSCPR, and TSSCHART.

TSS ADMIN(acid) RESOURCE(INFO) allows the administrator to use TSS WHOOWNS and TSS WHOHAS for any resource.

TSS ADMIN(acid) ACID(MAINTAIN) allows the administrator to make changes to an ACID. Do not give this authority to read-only administrators.
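As an added illustration (this is not from the original article and is not a Broadcom-supplied procedure), the TSS command sequence below defines one administrator ACID that may only list and report, and a second that may also change ACIDs and reset passwords. The ACID names RDONLY and FULLADM, the department DEPT01, the placeholder password and the PASSWORD interval of 0 (force a change at first signon) are assumptions for the example; ACID(INFO), which grants TSS LIST on ACIDs, and LIST ... DATA(ADMIN), which displays an ACID's administrative authorities, are used here from memory of the TSS command set and should be checked against your release's command reference. Lines beginning with an asterisk are annotations for the reader, not TSS syntax.

```text
* Read-only administrator: list and report authorities only, no MAINTAIN.
TSS CREATE(RDONLY) TYPE(USER) NAME('LDAP READ-ONLY ADMIN') DEPT(DEPT01) PASSWORD(CHANGEME,0)
TSS ADMIN(RDONLY) ACID(INFO)
TSS ADMIN(RDONLY) RESOURCE(INFO)
TSS ADMIN(RDONLY) RESOURCE(REPORT)

* Full administrator: the same, plus ACID changes and password maintenance.
TSS CREATE(FULLADM) TYPE(USER) NAME('LDAP FULL ADMIN') DEPT(DEPT01) PASSWORD(CHANGEME,0)
TSS ADMIN(FULLADM) ACID(INFO)
TSS ADMIN(FULLADM) ACID(MAINTAIN)
TSS ADMIN(FULLADM) RESOURCE(INFO)
TSS ADMIN(FULLADM) RESOURCE(REPORT)
TSS ADMIN(FULLADM) MISC8(PWMAINT)

* Verify what each ACID can do before it is used through LDAP.
TSS LIST(RDONLY) DATA(ADMIN)
TSS LIST(FULLADM) DATA(ADMIN)
```

Because LDAP requests are translated to TSS commands under the binding administrator's own authorities, an LDAP modify issued by RDONLY fails for the same reason a TSS REPLACE or ADDTO issued by RDONLY from TSO would fail: RDONLY holds no ACID(MAINTAIN) authority. Reviewing the DATA(ADMIN) listing is the practical check that a "read-only" LDAP administrator really has nothing beyond INFO and REPORT authorities.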