Currently, the TSSCFILE job is run daily to extract user data from the security file but it's not real time since it's a batch job. Is there a free real time alternative?

Release : 16.0

Component : Top Secret for z/OS

There is no built in Top Secret functionality to extract the information in real time that is free of charge.

Compliance Event Manager is a chargeable and separate product. 

A user written program using one of our Top Secret application interfaces can be written.

4 options are below:

1. From a user written program, issue a TSS LIST via TSSCICS Application Interface and extract the information from the output.

2. From a user written program, use CA LDAP to extract the information from the user record. This requires experience with coding ldap commands to extract information from the LDAP server.

3. From a user written program, use the Top Secret TSSAI Application Interface with COBOL, PL/I or Assembler to extract the field from the user record.

4. From a user written program, issue a TSS command via IBM macro RACROUTE r_admin. A programmer familiar with Assembler and the RACROUTE macro will be required to code this custom user application. Since the RACROUTE macro in an IBM macro, please refer to the IBM doc for more details and information about it. The following link is an sample RACROUTE r_admin.

These options extract the data directly from the security file in real time.

If extracting large amounts of data for many users, it is not recommend using these interfaces. If there is heavy I/O against the security file, it could slow system performance since there will be competition for security file I/O

Instead of dumping the primary security file to TSSCFILE use TSSCFBK instead. Using TSSCFBK from the backup security file is the recommended way to extract large amounts of data from the backup security file instead of the primary security file. This method is not real time, but it will have less performance degradation on a live system, since the backup security file is being dumped and not the primary security file. Since the primary security file is not impacted, this will allow the backup security file to be dumped multiple times a day. Of course, this would mean running a TSS MODIFY BACKUP to synch the backup security file with the primary security file.