LAST USED In Top Secret Not Matching DATE REFERENCED in CA Cleanup
search cancel

LAST USED In Top Secret Not Matching DATE REFERENCED in CA Cleanup


Article ID: 200462


Updated On:




How exactly related is the LAST USED date from the output of the TSS LIST command and the DATE REFERENCED from the Cleanup for Top Secret report?

Using the TSS LIST command, some ACIDs type USER are without corresponding LAST USED date (blank). On the other hand, on the Cleanup for Top Secret report, all ACIDs type USER have corresponding DATE REFERENCED.

Comparing the non-blank LAST USED date from TSS LIST command and DATE REFERENCED on the Cleanup for Top Secret, the dates are different for the same ACID.

If the LAST USED date and DATE REFERENCED are expected to have different values, could we make the DATE REFERENCED the same as LAST USED by changing our current Cleanup for Top Secret startup parameter?


Release : 16.0

Component : CA Top Secret for z/OS


For most acids, the LAST USED date on the acid will match the DATE REFERENCED in the Cleanup for Top Secret report. However, there are situations where an acid could signon with an id and password and NOT get the lastused info updated. It is entirely up to the caller (whoever is driving the signon) as to whether or not these stats are updated. The lastused stats will (or won't) be updated based on what the STAT= option is set to on the RACROUTE, REQ=VERIFY,ENVIR=CREATE request, which is what drives a signon.

Some examples of when lastused stats are not updated are ATS (automatic terminal signon) ACIDs and ISC signons in the AOR. (This is done for performance reasons. Updating the lastused stats for these signons would generate more I/O to the security file which may adversely affect the system's performance.) Top Secret has an OPTIONS control option, OPTIONS(30), that can be set to update lastused stats for ATS acids, but be aware that setting this option may adversely affect the system's performance.

CA Cleanup tracks the usage in the above scenarios.

Lastused stats are not CPF'd either. This is also done for performance reasons. If systems A and B CPF to each other, and the user only signs on to system A, the lastused stats won't be updated on system B. If the TSS LIST command is done on system B, you wouldn't see a lastused date.