Top Secret cannot delete ACID after RS2011 applied; receive TSS1637E Not Authorized to delete acids

Article ID: 206007

Products

CA Top Secret

Issue/Introduction

Before applying RS2011, an admin account was able to delete USER ACIDs, but after applying RS2011, admins are no longer able to delete a USER ACID and now receive this error:

TSS1637E Not Authorized to delete acids
TSS0301I  DELETE   FUNCTION FAILED, RETURN CODE =  8

The explanation for error message TSS1637E says that the administrator must revoke the USE access to entity TSSCMD.USER.NODELETE.ACID in the CASECAUT class.

Environment

Release : 16.0

Component : CA Top Secret for z/OS

Resolution

 RESOURCE CLASS = CASECAUT
    RESOURCE CODE = X'156'   POSIT =    592
        ATTRIBUTE = MASKABLE,MAXOWN(26),MAXPERMIT(044),ACCESS,DEFPROT
           ACCESS = NONE(0000),GRANT(1C00),CONTROL(6400),PRIVILEG(6000)
           ACCESS = UPDATE(2000),USE(4000),ALL(FFFF)
           DEFACC = USE
 TSS0300I  LIST     FUNCTION SUCCESSFUL

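When the admin's profile holds only a high-level permit for CASECAUT(TSSCMD) with no access level specified, the permit takes the default access from the RDT, DEFACC = USE.
If your RDT looks like the one listed above, this looks to be the cause.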

Issue a second permit in this profile:

TSS PER(SECPROF) CASECAUT(TSSCMD.USER.NODELETE.ACID) ACC(NONE)

This will allow the admin to delete acids.
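A simplified model of the behaviour described above, as an added example (not Broadcom's code and not Top Secret's actual authorization algorithm). It assumes the longest matching permit in a profile decides, that a permit without an access level takes DEFACC, and that the restriction applies whenever the resulting mask contains the USE bit; every profile name and permit list in it is constructed.

```python
# Access-level masks copied from the CASECAUT RDT listing on this page.
ACCESS_MASK = {"NONE": 0x0000, "GRANT": 0x1C00, "CONTROL": 0x6400,
               "PRIVILEG": 0x6000, "UPDATE": 0x2000, "USE": 0x4000,
               "ALL": 0xFFFF}
DEFACC = "USE"                           # DEFACC from the same listing
NODELETE = "TSSCMD.USER.NODELETE.ACID"   # entity named in TSS1637E / SO11904


def effective_access(permits, entity=NODELETE):
    """Return (resource, access) of the most specific permit covering `entity`.

    Assumptions: a permit covers every entity that starts with its resource
    name, the longest such name wins, and a permit issued without an access
    level (None here) takes DEFACC. Returns None when nothing matches.
    """
    best = None
    for resource, access in permits:
        if entity.startswith(resource):
            if best is None or len(resource) > len(best[0]):
                best = (resource, access or DEFACC)
    return best


def delete_blocked(permits):
    """True when the effective access mask contains the USE bit (assumption:
    that is the condition under which DELETE fails with TSS1637E)."""
    match = effective_access(permits)
    if match is None:
        return False
    return bool(ACCESS_MASK[match[1]] & ACCESS_MASK["USE"])


def audit(profiles):
    """Map each profile name to True if its admins would hit the restriction."""
    return {name: delete_blocked(p) for name, p in profiles.items()}


# Constructed sample data: (resource, access) per profile; None = no level given.
SAMPLE = {
    "SECPROF_BEFORE": [("TSSCMD", None)],                      # this article's case
    "SECPROF_AFTER": [("TSSCMD", None), (NODELETE, "NONE")],   # second permit added
    "RESTRICTED": [(NODELETE, "USE")],                         # deliberately blocked
    "UNRELATED": [("EXAMPLE.ENTITY", None)],                   # constructed name
}

if __name__ == "__main__":
    for name, blocked in audit(SAMPLE).items():
        print(f"{name:15} {'TSS1637E expected' if blocked else 'not blocked'}")
```
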

APAR #: SO11904 Release: 16.0

RESTRICT ABILITY TO DELETE ACIDS
 
 ENHANCEMENT DESCRIPTION:
 Provide the ability to control which administrators are allowed to delete
 ACIDs.  A user granted permission to CASECAUT(TSSCMD.USER.NODELETE.ACID)
 ACCESS(USE) will be prevented from deleting any ACID.