ITOM (IBM Tivoli Output Manager for z/OS) is being installed and their documentation has the following with RACF commands. What are the Top Secret equivalent commands?

Security requirements
In order to access Output Manager, the remote LPAR/DB2 subsystem requires the
same security privileges that it requires to access the collector environment. Any
time you add, delete, or change the security definitions related to Output Manager,
you must refresh the RACF class on both LPARs. To do so, issue the following
command on each LPAR that Output Manager viewing (of reports and archive)
and administration occurs:

SETROPTS RACLIST(XFACILIT|FACILITY) REFRESH

Provide Output Manager with READ access to the EZBDOMAIN resource:
1. In the SERVAUTH class, locate the EZBDOMAIN resource profile. If the
EZBDOMAIN resource profile does not exist, create it. The following is an
example of defining the EZBDOMAIN resource in RACF:

SETROPTS CLASSACT(SERVAUTH)
SETROPTS RACLIST (SERVAUTH)

Note: The SERVAUTH class must be active and RACLISTed.

2. Define the EZBDOMAIN profile and customize the APPLDATA field to contain
the security domain name for the SYSPlex:

RDEFINE SERVAUTH EZBDOMAIN APPLDATA(’security_domain_name’)

3. Provide the user ID or Group of the Output Manager started task READ access
to the EZBDOMAIN profile:

PERMIT EZBDOMAIN CLASS(SERVAUTH) ID(BJTSTCU) ACCESS(READ)

4. Refresh the SERVAUTH class to activate the changes:

SETROPTS RACLIST(SERVAUTH) REFRESH

Release : 16.0

Component : CA Top Secret for z/OS

The Top Secret equivalents of the RACF commands are:

TSS ADD(dept) SERVAUTH(EZBDOMAI)   (The SERVAUTH resource class only allows a maximum of 8 characters in the resource name for a TSS ADD command.)

TSS PERMIT(BJTSTCU) SERVAUTH(EZBDOMAIN) ACCESS(READ) APPLDATA(’security_domain_name’)