Top Secret Request Clarification from CATSS Support on GROUP ID IZUSVRGP

book

Article ID: 208167

calendar_today

Updated On:

Products

CA Top Secret

Issue/Introduction

CA Top Secret Documentation, Install Guide, CA Top Secret for z/OS R16.0, Configure z/OS Management Facility for CA Top Secret,

Prepare  CA Top Secret Environment for z/OSMF, Update the IZUMKFS Job to Mount the z/OSMF User File System,

Step #3, indicates to change the UNIX owner and group to IZUSVRGP.

IZUSVRGP is not defined to Top Secret in the bounds of the install guide. Request explanation.

Do not see anything in are documentation to create group IZUSVRGP

ZMFAPLA( IZUDFLT.ZOSMF.SOFTWARE_DEPLOYMENT.DATA.) ACC(CONTROL)  Does this matter if it created with a dot after DATA. or should it be without the dot DATA

Environment

Release : 16.0

Component : CA Top Secret for z/OS

Resolution

TSS CREATE(IZUSVRGP) TYPE(GROUP) NAME('IZUSVRGP GROUP') DEPT(xxxxxx)
TSS ADD(IZUSVRGP) GID(xxxxx)

The IBM RACF doc for ZMFAPLA resource's  to convert to TSS usually look something like

Call RacfCmd "RDEFINE ZMFAPLA  IZUDFLT.ZOSMF.SOFTWARE_DEPLOYMENT.DATA..** UACC(NONE)"

So with TSS no need for the **, the dot means if there was a call for DATA1.**  it would fail

TSS PER(xxxx) ZMFAPLA(IZUDFLT.ZOSMF.SOFTWARE_DEPLOYMENT.DATA.) ACC(CONTROL) 

===> tss lis(rdt) resclass(zmfapla)
ACCESSORID = *RDT*     NAME       = RESOURCE DEFINITIONS 
   RESOURCE CLASS = ZMFAPLA
    RESOURCE CODE = X'157'   POSIT =    592
        ATTRIBUTE = MASKABLE,MAXOWN(26),MAXPERMIT(246),ACCESS,PRIVPGM,MIXCASE
           ACCESS = NONE(0000),ALTER(1C00),CONTROL(0400),UPDATE(6000)
           ACCESS = READ(4000),ALL(FFFF)
           DEFACC = READ
 TSS0300I  LIST     FUNCTION SUCCESSFUL

 

Top Secret documents

https://techdocs.broadcom.com/us/en/ca-mainframe-software/security/ca-top-secret-for-z-os/16-0/installing/configure-z-os-management-facility-for-ca-top-secret/secure-the-z-osmf-nucleus-and-core-services-with-ca-top-secret.html