What are the HFSSEC profiles needed for SYSPLEX mode USS?

Release : 16.0

Component : CA Top Secret for z/OS

According to the IBM documentation for SYSPLEX mode USS, these are the default sysplex directories:

/bin
/usr
/lib
/opt
/samples
/dev
/var
/etc
/u

that will be needed to defined and authorized accordingly.

Issue TSS ADD command for each of the HFS directories. Example:

TSS ADD(owningacid) HSFSEC(/usr)

TSS ADD(owningacid) HSFSEC(/dev)

To authorize any started task, batch job and user, PERMIT them to the HFS Directories. 

Example:

TSS PER(acid) HFSSEC(/bin) ACCESS(ALL) 
TSS PER(acid) HFSSEC(/usr) ACCESS(ALL) 
TSS PER(acid) HFSSEC(/lib) ACCESS(ALL) 
TSS PER(acid) HFSSEC(/opt) ACCESS(ALL) 
TSS PER(acid) HFSSEC(/samples) ACCESS(ALL) 
TSS PER(acid) HFSSEC(/dev) ACCESS(ALL) 
TSS PER(acid) HFSSEC(/var) ACCESS(ALL) 
TSS PER(acid) HFSSEC(/etc) ACCESS(ALL) 
TSS PER(acid) HFSSEC(/u) ACCESS(ALL) 

Any user directories outside of the defaults, will need to be defined and authorized to the directory via:

TSS ADD(owning_acid) HFSSEC(/xxxxxxxx) 

TSS PER(acid) HFSSEC(/xxxxxxxx) ACCESS(ALL)

Suggest creating a PROFILE acid and PERMITting it to the directories. Then giving the started tasks, batch jobs and users that need it.

Example:

1. Create PROFILE acid

TSS CREATE(prof) TYPE(PROFILE) NAME('SYSPLEX USS DIRECTORIES')  DEPT(some_department) 

2. Authorize PROFILE the directories:

Example:

TSS PER(prof) HFSSEC(/bin) ACCESS(ALL) 
TSS PER(prof) HFSSEC(/usr) ACCESS(ALL) 
TSS PER(prof) HFSSEC(/lib) ACCESS(ALL) 
TSS PER(prof) HFSSEC(/opt) ACCESS(ALL) 
TSS PER(prof) HFSSEC(/samples) ACCESS(ALL) 
TSS PER(prof) HFSSEC(/dev) ACCESS(ALL) 
TSS PER(prof) HFSSEC(/var) ACCESS(ALL) 
TSS PER(prof) HFSSEC(/etc) ACCESS(ALL) 
TSS PER(prof) HFSSEC(/u) ACCESS(ALL) 

3. Add the PROFILE to the started task region acid:

TSS ADD(started_task_acid) PROFILE(prof)