Find All LCF Rules

book

Article ID: 18710

calendar_today

Updated On:

Products

CA Cleanup CA Datacom - DB CA Datacom CA Datacom - AD CA Datacom - Server CA CIS CA Common Services for z/OS CA 90s Services CA Database Management Solutions for DB2 for z/OS CA Common Product Services Component CA Common Services CA Datacom/AD CA ecoMeter Server Component FOC CA Easytrieve Report Generator for Common Services CA Infocai Maintenance CA IPC Unicenter CA-JCLCheck Common Component CA Mainframe VM Product Manager CA Chorus Software Manager CA On Demand Portal CA Service Desk Manager - Unified Self Service CA PAM Client for Linux for zSeries CA Mainframe Connector for Linux on System z CA Graphical Management Interface CA Web Administrator for Top Secret CA CA- Xpertware CA Top Secret CA Top Secret - LDAP CA Top Secret - VSE

Issue/Introduction

Question:

Is there a way to find all LCF rules?

Answer:

To find who has access to an LCF, run TSSCFILE during off peak hours with the following commands:

 

TSS LIST(ACIDS) DATA(LCF)       
TSS LIST(ALL) DATA(LCF) 

 

Record id 2100 will contain the LCF facility (ie CICSPROD) in columns 33 through 40.
Record id 2101 will contain authorized commands (inclusive list) in columns 33 through 40, and, if more then one LCF, columns 42 through 49, 51 through 58, etc.
Record id 2102 will contain exempt commands (exclusive list) in columns 33 through 40, and, if more then one LCF, columns 42 through 49, 51 through 58, etc.

The inclusive list says only these transactions can be issued. Any acid with an inclusive list containing the transaction will have access to that

transaction. The exclusive list says any transactions but the ones in the list can be issued. If only inclusive lists exist on the ACIDs, the TSSCFILE output can be searched for the specific transaction. If there are exclusive lists, these will need to be reviewed to determine which exclusive lists do NOT contain the transaction. An EARL, SAS, or other program can be written to search the output. Note that if any 2102 record ids are in the output, those are exclusive lists.

For more information on TSSCFILE, see chapter 5 of the CA Top Secret r15 Report and Tracking Guide and member TSSCFILE in the TSS CAKOJCL0 library.

Environment

Release: TOPSEC00200-15-Top Secret-Security
Component: