Top Secret has been installed with a new (unpopulated) security file. Top Secret comes up at IPL, but IBMUSER is the only user that can logon TSO. Where is the MSCA? It appears Top Secret is working with SYS1.UADS rather than with the security file.

Release : 16.0

Component : Top Secret for z/OS

The MSCA ACID and initial password (from the Top Secret security file) are set in the SCA=msca/password in the MAINTIN DD statement from the TSSMAINS job used to allocate the security file.

With TSO, the TSO signon information such as the TSO logon proc, account number, etc, needs to reside either on the Top Secret security file or in SYS1.UADS. Since the security file is a new security file with only the MSCA ACID defined, then the MSCA ACID needs to be defined in SYS1.UADS using the TSO ACCOUNT command so this ACID can signon to TSO once the system comes up. 

See TSO/E Administration and Examples for more information on adding a user definition to SYS1.UADS with the TSO ACCOUNT command and examples:

Once the MSCA ACID can signon, it has authority and scope to create other ACID types (ie SCA, DEPT, etc).

NOTES:

• In WARN, IMPL, or FAIL mode, the password from the Top Secret security file is used for the signon.
• In DORMANT mode, the password in SYS1.UADS is used, not the password on the Top Secret security file.
• If the MSCA is not defined to SYS1.UADS and does not have at least 1 TSO field on the acid, the signon with the ACID’s password (from the Top Secret security file) will fail with: IKJ56420I Userid xxxxxx not authorized to use TSO