Cross authorized ACIDS's

book

Article ID: 209942

calendar_today

Updated On:

Products

CA Top Secret

Issue/Introduction

If an acid is cross authorized with a profile example:  

ACCESSORID = PROFILE1   NAME  =Test Profile

TYPE       = PROFILE   SIZE       =     7936  BYTES

LAST MOD   = xx/xx/21 

XA ACID    = TEST001

Does this mean that TEST001 is using the resources of the profile?  Need to know if we can delete this profile?

Environment

Release : 16.0

Component : CA Top Secret for z/OS

Resolution

XA ACID= TEST001 means it IS a resource and all the ACIDS that have Prof(PROFILE1) have access to TEST001, a command:
 TSS PER(PROFILE1) ACID(TEST001) was issued

To grant access to the Profile a TSS ADD(acid) PROF(PROFILE1)

example Acids BESTBUY2, 3 and 4 can access BESTBUY1:

ACCESSORID = PROFILE1  NAME       = PROFILE1
 TYPE       = PROFILE   SIZE       =      512  BYTES
 DEPT ACID  = DUMMYD    DEPARTMENT = ME ME
 DIV ACID   = DUMMYV    DIVISION   = DUMMY DIVISION

XA ACID    = BESTBUY1                                     
 XA DATASET = MARKTING                                  
    ACCESS  = READ

ACIDS  =    BESTBUY2    BESTBUY3    BESTBUY4

 1) TSS LIST(PROFILE1) DATA(ACIDS) will show the acids that have the profile. So 

1) The most common reason that a PROFILE changed its Last Mod date is because the profile is given to an acid.  

2) It would also change if the PROFILE was removed from an acid or if an acid that has the profile is deleted.

3) If the PROFILE has a permit that expired (a permit with FOR or UNTIL), then the MSCA does a under the covers revoke and the profile's LastModified Date gets updated.

4) If you have PROFILE acid that owns resource(which would be unusual) 
but if there is a permit or revoke done for that resource, the
PROFILE acid gets updated....

1) TSS LIST(PROFILE1) DATA(ACIDS) will show the acids that have the profile.
2) TSS has a TSSAUDIT utility that can be run with CHANGES control statement.