Multiple Identical Permissions In Top Secret
Article ID: 187175
Updated On:
Products
Top Secret
Issue/Introduction
Listing an acid shows an XA permission that seems to be repeated, without any differences, in the same profile:
XA OTRAN = xxxx OWNER(dept)
ACCESS = ALL
XA OTRAN = xxxx OWNER(dept)
ACCESS = ALL
Is there some difference? If not, how did it get in there? Does Top Secret spot and ignore duplicate permissions?
XA OTRAN = xxxx OWNER(dept)
ACCESS = ALL
XA OTRAN = xxxx OWNER(dept)
ACCESS = ALL
Is there some difference? If not, how did it get in there? Does Top Secret spot and ignore duplicate permissions?
Environment
Release : 16.0
Component : CA Top Secret for z/OS
Resolution
A long time ago, if the same resource was permitted twice, the acid would have multiple permits on it. The code was changed to prevent this, however, any duplicates still existed. The following should be done to remove the duplicate permits:
TSS REVOKE(acid) OTRAN(AIDR)
TSS LIST(acid) DATA(XAUTH) RESCLASS(OTRAN) to make sure both permits were revoked
TSS PERMIT(acid) OTRAN(AIDR) ACCESS(ALL)
TSS LIST(acid) DATA(XAUTH) RESCLASS(OTRAN) to make sure there is only a single permit
TSS REVOKE(acid) OTRAN(AIDR)
TSS LIST(acid) DATA(XAUTH) RESCLASS(OTRAN) to make sure both permits were revoked
TSS PERMIT(acid) OTRAN(AIDR) ACCESS(ALL)
TSS LIST(acid) DATA(XAUTH) RESCLASS(OTRAN) to make sure there is only a single permit
Feedback
Yes
No
Powered by
