IBM has presented a path to replace access for BPX.DEFAULT.USER for UNIX. Does CA Technologies have something relative for CA Top Secret?
The equivalent in CA Top Secret is the UNIQUSER control option. (The OMVSUSR control option is the equivalent of the BPX.DEFAULT.USER for Unix.) After z/OS 1.13, the OMVSUSR control option will no longer work. The UNIQUSER control option in CA Top Secret will have to be used. And the OMVSGRP control option will still be needed.
For the UNIQUSER control option, the values are:
Activates the AUTOUID OMVS log on feature. When active, if a user logs on to OMVS and does not have an OMVS segment, CA Top Secret permanently assigns a UID to the ACID as if added by the administrator using a TSS command. In addition, the OMVS segment information from the ACID specified in the MODLUSER control option is added to the ACID. If the DFLTGRP ACID does not have a GID, one is automatically be generated and added to the DFLTGRP.
(Default) Deactivates the AUTOUID OMVS log on feature. Normal default processing occurs for ACIDs who log on to OMVS without OMVS segment information.
The MODLUSER acid should be given the fields UID, HOME, OMVSPGM, OECPUTM, PROCUSER, ASSIZE, THREADS, MMAPAREA, MEMLIMIT, and SHMEMMAX.
The sequence of events, (starting in z/OS 1.11 when BPX.UNIQUE.USER was introduced), is:
For sites interested in finding what users are actually accessing Unix System Services using the BPX.DEFAULT.USER values (OMVSUSR control option), CA Top Secret r15 fix RO58980 adds the ability to turn on a BPX.DEFAULT.USER "trace".
To activate this support, you will need to set CA Top Secret Control Option OPTIONS(32) to enable the USS logging feature and OPTIONS(85) to generate the default use trace messages.
By activating Options(32,85), you will automatically log any successful initUSP callable service that has used the BPX.DEFAULT.USER values.
Release: TOPSEC00200-15-Top Secret-Security