Is there a way to find all LCF rules?
To find who has access to an LCF, run TSSCFILE during off peak hours with the following commands:
TSS LIST(ACIDS) DATA(LCF) TSS LIST(ALL) DATA(LCF)
Record id 2100 will contain the LCF facility (ie CICSPROD) in columns 33 through 40.
Record id 2101 will contain authorized commands (inclusive list) in columns 33 through 40, and, if more then one LCF, columns 42 through 49, 51 through 58, etc.
Record id 2102 will contain exempt commands (exclusive list) in columns 33 through 40, and, if more then one LCF, columns 42 through 49, 51 through 58, etc.
The inclusive list says only these transactions can be issued. Any acid with an inclusive list containing the transaction will have access to that
transaction. The exclusive list says any transactions but the ones in the list can be issued. If only inclusive lists exist on the ACIDs, the TSSCFILE output can be searched for the specific transaction. If there are exclusive lists, these will need to be reviewed to determine which exclusive lists do NOT contain the transaction. An EARL, SAS, or other program can be written to search the output. Note that if any 2102 record ids are in the output, those are exclusive lists.
For more information on TSSCFILE, see chapter 5 of the CA Top Secret r15 Report and Tracking Guide and member TSSCFILE in the TSS CAKOJCL0 library.
Release: TOPSEC00200-15-Top Secret-Security