search cancel

ICSF Resource ID XFACILIT(CSF.CSFSERV.AUTH.CSFRNG.DISABLE) With Top Secret

book

Article ID: 189397

calendar_today

Updated On:

Products

Top Secret

Issue/Introduction

According to the ICSF documentation, a resource ID of "CSF.CSFSERV.AUTH.CSFRNG.DISABLE" in resource ID "XFACILIT" can be defined in a RACF system with "UACC(NONE)" and if present, security calls for ICSF resource ID "CSFRNG" in resource class ID "CSFSERV" will be bypassed.

The following was attempted without success -

TSS ADDTO(ICSF) XFACILIT(CSF.)

TSS PERMIT(ALL) XFACILIT(CSF.CSFSERV.AUTH.CSFRNG.DISABLE) ACCESS(READ)

After restarting a started task that invokes ICSF callable service "CSFRNG", multiple security calls for resource ID "CSFRNG" in resource class ID "CSFSERV" are still occurring.

Can you please advise how to configure this functionality for Top Secret Security?

Environment

Release : 16.0

Component : CA Top Secret for z/OS

Resolution

The access level on the PERMIT should be NONE, not READ:

TSS REVOKE(ALL) XFACILIT(CSF.CSFSERV.AUTH.CSFRNG.DISABLE) ACCESS(READ)

TSS PERMIT(ALL) XFACILIT(CSF.CSFSERV.AUTH.CSFRNG.DISABLE) ACCESS(NONE)