Can you restore an ACID that was accidentally deleted from the security file?
Release : 15.0
Component : CA Top Secret for z/OS
There is no function built into Top Secret to restore an individual ACID once it is deleted.
The entire security file will have to be restored from a previous backup to recover the ACID.
The procedure to restore the security file depends on the method you used to back up the security file. Please let me know what applications or procedures you use to back up the security file. If you have multiple methods and versions of backups, please let me know what they are so I can recommend the best method.
Regardless of the method used, the Top Secret address space needs to be brought down while the security file is being restored from a backup.
If you have a copy of the security file, you can use the following command:
TSS LIST(xxxxx) DATA(ALL,PROFILE) ARCHIVE INTO(dataset(membername))
During the archive process, most of the user’s security record information is archived. However, the following fields are not copied during the archive process:
- Field values not displayed by a TSS LIST command
- Passwords or passphrases
- Digital certificate and keyring segments:
  - Certificate name, certificate start date, certificate until date, certificate ID, certificate subject DN
  - Certificate keyring, certificate serial number, certificate issuer IDN, certificate issuer SDN, certificate NB date
  - Certificate NA date, certificate key size, certificate key type, certificate label, certificate trust status
  - Certificate URI, certificate IP address, certificate key usage
- Create/Modify date and time
- Last used info
- ACIDS (which lists the ACIDs that are part of a profile or department)
- Facility ADMINBY
- Facility Calendar
- Segment start
Note: If an ACID contains a SUSPEND field, that field is copied when it includes the FOR or UNTIL keyword (which indicates how long a suspension is enforced).
If the user being archived has digital certificates, we highly recommend that the security administrator use the EXPORT command to export all certificates and private keys in the PKCS12 format into a data set. This exported certificate dataset can then be used to restore those certificates back to the user.
ARCHIVE INTO can also be used on the TSS DELETE command. It can be used to back up the ACID before you delete it, in case you later want to restore it.
TSS DELETE(acid) ARCHIVE INTO(dataset(membername))
Joseph Porto - Broadcom Level 1 Support