Sharing Keyrings in Top Secret

Article ID: 188115

Products

Top Secret

Issue/Introduction

How can a keyring be shared by other users?

Resolution

Certificates owned by CERTAUTH and CERTSITE can be shared on a keyring when the following permits are given to the ACID that owns the keyring:
IBMFAC(IRR.DIGTCERT.LIST) ACCESS(UPDATE)
IBMFAC(IRR.DIGTCERT.LISTRING) ACCESS(UPDATE)

Certificates owned by another ACID can also be shared on a keyring.
In that case, the above permits need to be given both to the owner of the keyring and to the ACID that is going to use the keyring.
The following permits to the RDATALIB class also need to be in place.

In the scenario below, USER1 needs to share USER2's keyring and the certificates attached:

Note:
The RDATALIB Resclass may have to be defined to the RDT:
TSS ADD(RDT) RESCLASS(RDATALIB) ATTR(LONG,MASK) ACLST(NONE=0000,CONTROL=6400,UPDATE=6000,READ=4000,ALL=FFFF)

Own the resource:
TSS ADD(dept) RDATALIB(USER2.USER2RING.LST)

Give USER2 RDATALIB Access to the keyring:
TSS PERMIT(USER2) RDATALIB(USER2.USER2RING.LST)  ACCESS(READ)

Give USER1 Access to use USER2's Keyring and the certificates attached:
TSS PERMIT(USER1) RDATALIB(USER2.USER2RING.LST) ACCESS(UPDATE)

Note:
The format for the RDATALIB permit is:
RDATALIB(owner of the keyring.name of the keyring.LST)
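
An access-review helper for the permits above, added here as an example and not part of the original article or of Top Secret: it reads a list of TSS command lines, parses each RDATALIB permit against the owner.ring.LST format, and reports which ACIDs are given access to a keyring they do not own. It assumes permits are written on one line in the form the article shows; the function names, the USER3 line and the handling of dots inside a ring name are assumptions.

```python
import re

# Single-line permit form used in the article (assumed for the command file).
PERMIT_RE = re.compile(
    r"^\s*TSS\s+PERMIT\((?P<acid>[^)]+)\)\s+RDATALIB\((?P<res>[^)]+)\)"
    r"\s+ACCESS\((?P<access>[^)]+)\)\s*$", re.IGNORECASE)

def parse_ring_resource(resource):
    """Split owner.ring.LST into (owner, ring); None if it is not in that form."""
    owner, sep, rest = resource.partition(".")
    if not sep or not owner or not rest.upper().endswith(".LST"):
        return None
    ring = rest[:-4]  # assumption: dots inside the ring name stay with the ring
    return (owner.upper(), ring) if ring else None

def review_permits(lines):
    """Return (shares, problems) for the RDATALIB permits found in TSS command lines."""
    shares, problems = [], []
    for n, line in enumerate(lines, 1):
        upper = line.upper()
        if "PERMIT(" not in upper or "RDATALIB(" not in upper:
            continue  # TSS ADD(...) and unrelated commands grant no access
        m = PERMIT_RE.match(line)
        parsed = parse_ring_resource(m["res"]) if m else None
        if parsed is None:
            problems.append((n, "not PERMIT(acid) RDATALIB(owner.ring.LST) ACCESS(level)"))
            continue
        owner, ring = parsed
        acid = m["acid"].upper()
        if acid != owner:  # an ACID other than the ring owner is being given access
            shares.append((acid, owner, ring, m["access"].upper()))
    return shares, problems

# Constructed sample: the article's three commands plus one malformed permit (USER3).
SAMPLE = [
    "TSS ADD(dept) RDATALIB(USER2.USER2RING.LST)",
    "TSS PERMIT(USER2) RDATALIB(USER2.USER2RING.LST)  ACCESS(READ)",
    "TSS PERMIT(USER1) RDATALIB(USER2.USER2RING.LST) ACCESS(UPDATE)",
    "TSS PERMIT(USER3) RDATALIB(USER2.USER2RING) ACCESS(UPDATE)",
]

if __name__ == "__main__":
    shares, problems = review_permits(SAMPLE)
    for acid, owner, ring, access in shares:
        print(f"{acid} has {access} on ring {ring} owned by {owner}")
    for n, reason in problems:
        print(f"line {n}: {reason}")
```

Each entry in the shares list is a grant to review against the intended users of the keyring; each entry in the problems list is a permit whose resource name would not match the keyring it was meant for.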