
Permissions needed for virtual keyring access in Top Secret


Article ID: 215676


Products

Top Secret

Issue/Introduction

 

WebSphere is unable to connect to the DMGR via wsadmin.sh. The user in question has the following permissions on an underlying profile:

XA IBMFAC  = IRR.DIGTCERT.GENCERT  
   ACCESS  = CONTROL               
XA IBMFAC  = IRR.DIGTCERT.LIST     
   ACCESS  = READ                  
XA IBMFAC  = IRR.DIGTCERT.LISTRING 
   ACCESS  = UPDATE                

What access does a user need to access a virtual keyring?   
Return code 8,8,84 is received, which means: The keyring profile for RACF_user_ID/Ring_name or z/OS PKCS #11 token is not found; or, the virtual key ring user ID does not exist.

 

 

Environment

Release : 16.0

Component : CA Top Secret for z/OS

Resolution

You have to tell the application that you are using a virtual keyring, and the user must have permission to use it.
This is done by issuing the following commands:

TSS ADD(dept) RDATALIB(CERTAUTH.IRR_VIRTUAL) (if not already done)
TSS PER(serveracid) RDATALIB(CERTAUTH.IRR_VIRTUAL_KEYRING.LST) ACC(READ)
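
One way to confirm that the permit is in place, as an added example that is not part of the original article: the script parses a permission listing in the XA/ACCESS layout quoted above and reports whether the RDATALIB permit from the Resolution is present with READ. The RDATALIB lines in the sample are constructed on the assumption that they list in that same layout, and the function names are hypothetical.

```python
import re

# Resource class, resource name and access level from the TSS PER command above.
REQUIRED = ("RDATALIB", "CERTAUTH.IRR_VIRTUAL_KEYRING.LST", "READ")

# Constructed sample: the IBMFAC entries are the ones quoted in the article; the
# RDATALIB entry is an assumed rendering of the new permit in the same layout.
SAMPLE_BEFORE = """\
XA IBMFAC  = IRR.DIGTCERT.GENCERT
   ACCESS  = CONTROL
XA IBMFAC  = IRR.DIGTCERT.LIST
   ACCESS  = READ
XA IBMFAC  = IRR.DIGTCERT.LISTRING
   ACCESS  = UPDATE
"""
SAMPLE_AFTER = SAMPLE_BEFORE + """\
XA RDATALIB = CERTAUTH.IRR_VIRTUAL_KEYRING.LST
   ACCESS  = READ
"""

XA_RE = re.compile(r"^\s*XA\s+(\S+)\s*=\s*(\S+)\s*$")
ACC_RE = re.compile(r"^\s*ACCESS\s*=\s*(.+?)\s*$")


def parse_permits(listing):
    """Return {(class, resource): set(access levels)} from XA/ACCESS line pairs."""
    permits, current = {}, None
    for line in listing.splitlines():
        m = XA_RE.match(line)
        if m:
            current = (m.group(1).upper(), m.group(2).upper())
            permits.setdefault(current, set())
            continue
        m = ACC_RE.match(line)
        if m and current:
            permits[current].update(a.strip().upper() for a in m.group(1).split(","))
    return permits


def has_virtual_keyring_permit(listing):
    """True only if the exact resource name is listed with READ.

    Exact-name check: a permit that covers the resource through a shorter
    prefix or a mask is not recognised and must be reviewed by hand.
    """
    res_class, resource, access = REQUIRED
    return access in parse_permits(listing).get((res_class, resource), set())


if __name__ == "__main__":
    for name, text in (("before", SAMPLE_BEFORE), ("after", SAMPLE_AFTER)):
        print(name, "OK" if has_virtual_keyring_permit(text) else "MISSING permit")
```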