Top Secret resource refresh - CSFSERV not working for SMSVSAM or CICS region acid.

book

Article ID: 192365

calendar_today

Updated On:

Products

CA Top Secret CA Top Secret - LDAP CA Web Administrator for Top Secret

Issue/Introduction

A CSFSERV resource was issued to the CICS region acid and a TSS REFRSH(cicsregionacid) JOBNAME(*) was performed, but the acid doesnt pick up the PERMIT until the CICS region is recycled.

Environment

Release : 16.0

Component : CA Top Secret for z/OS

Resolution

When refreshing SMSVSAM, or any address space's region acid, the TSS REFRESH command sets a flag in the ACEE for the acid being refreshed.

With the flag set, the next security event for that acid will drive the actually refreshing of the acid’s environment.

The reason why the SMSVSAM and/or the CICS region acid wasn't refreshed was because the CSFSERV security check (fastauth) runs in cross-memory mode.

One of IBM’s restriction for cross-memory mode is the use of SVC's are prohibited.

Top Secret cannot perform an acid refresh under cross-memory mode because SVC's (namely ENQ/waits) are issued during the rebuilding the ACEE environment, so the security check to drive a successful refresh would need to come from within the SMSVSAM or CICS address space.

Until IBM can provide some way to kick-off a security check from within SMSVSAM or CICS region, refreshing the SMSVSAM  or CICS region acid cannot be done.