Restrict ACID deleting by administrator
search cancel

Restrict ACID deleting by administrator

book

Article ID: 186762

calendar_today

Updated On:

Products

Top Secret

Issue/Introduction

Is it possible to restrict Administrator from accidentally deleting ACID?

Environment

z/OS

Resolution

This an enhancement to CA Top Secret 16.0 by applied SO11904. 

To prevent an administrator from deleting ACIDs, you can give the administrator USE access to entity TSSCMD.USER.NODELETE.ACID in the CASECAUT resource class. The administrator still retains all other existing authorizations. Restricting ACID delete capability helps prevent inadvertently deletes.

TSS PERMIT(recipient_acid) CASECAUT(TSSCMD.USER.NODELETE.ACID) ACCESS(USE)

Additional Information

In the CASECAUT permission, you must specify the fully qualified entity name (TSSCMD.USER.NODELETE.ACID). You cannot specify a generic or masked permission (for example, TSSCMD.USER.NODELETE.* or TSSCMD.USER.).