A few Top Secret profile ACIDs were deleted by mistake. Unfortunately, the profiles were deleted without doing any TSS LIST commands on the profiles. TSSAUDIT CHANGES shows the TSS DELETE commands, but there is nothing there to show how to rebuild the deleted profiles. Now, is there any way to rebuild those deleted profiles?

Component: TOPSEC00200-Top Secret-Security

If a backup of the Top Secret security file has not been taken since the profiles were deleted, a recycle of Top Secret pointing to the backup files can be done and then list the profiles with ARCHIVE INTO to get the TSS commands to rebuild the profile ACIDs.

If a backup of the Top Secret security file has already been done, if TSSCFILE is run with TSS LIST(ACIDS) DATA(ALL) on a regular basis, the latest output from this command will show the contents of the profiles. If the output is old and the recovery file data goes back to the date of the output (or if you have backups of the recovery files from that date), the CA Top Secret recovery job (TSSRCVR1) or a TSSAUDIT CHANGES report can be to get the commands against the profiles since the TSSCFILE job was run.

If a backup has already been done and TSS LIST(ACIDS) DATA(ALL) output is not available with the profile ACIDs, an old copy of the security file (and VSAM extension) that has the profiles will need to be restored and recycle Top Secret pointing to these files. Then list the profiles (with ARCHIVE INTO) to get the commands needed to rebuild the profiles. Then recycle Top Secret pointing back to the current security file (and VSAM extension). This should probably be done on a test system to minimize the impact.

TSS LIST(profile) ARCHIVE INTO(pds.data.set.name(xxx))

ARCHIVE INTO can be used on TSS LIST and DELETE commands to archive an ACID's permissions and resources into the form of TSS commands. The produced TSS commands can be stored in a PDS data set and used to restore the user in the future.

TSS LIST(profile) ARCHIVE INTO(pds.data.set.name(xxx)) will create member 'xxx' in pds.data.set.name with the commands to recreate the profile.

It is NOT possible to do TSS LIST(ACIDS) ARCHIVE INTO(pds.data.set.name(xxx)).