
LSCA may ADD/REMOVE KEYRING from an acid not under scope


Article ID: 216589


Products

Top Secret

Issue/Introduction

LSCA0001 is an LSCA, and SCAX0001 is an SCA that is not under the scope of LSCA0001.

 

TSS ADD or REMOVE commands issued by LSCA0001 for a PROFILE fail because SCAX0001 is not under the scope of LSCA0001:

 

TSS REM(SCAX0001) PROF(PROFIL01) 
TSS0352E  ACID NOT OWNED WITHIN SCOPE
TSS0301I  REMOVE   FUNCTION FAILED, RETURN CODE =  8

 

TSS ADD(SCAX0001) PROF(PROFIL01)
TSS0352E  ACID NOT OWNED WITHIN SCOPE
TSS0301I  ADD      FUNCTION FAILED, RETURN CODE =  8

 

However, the ADD or REMOVE of KEYRING is accepted:

 

TSS ADD(SCAX0001) KEYRING(RING0001) RINGDATA(CERTAUTH,ABCDE000)  USAGE(PERSONAL)      
TSS0300I  ADD      FUNCTION SUCCESSFUL



TSS REM(SCAX0001) KEYRING(RING0001) RINGDATA(CERTAUTH,ABCDE000)                            
TSS0300I  REMOVE   FUNCTION SUCCESSFUL                                                     

 

 

Why does the ADD or REMOVE not fail when SCAX0001 is not under the scope of LSCA0001?

 

Environment

Release : 16.0

Component : CA Top Secret for z/OS

Resolution

There is no scope checking for “KEYRING” because keyrings are not a resource type (such as the resources defined in the RDT).

 

LSCA0001 only needs MISC4(CERTUSER) and MISC4(CERTLIST) authority to administer.
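Because keyring changes are not scope-checked, a reviewer may want to find them in saved command output. The following is an added example, not Broadcom's code: it parses a text transcript in the command/message layout shown above and reports successful KEYRING ADD/REM commands against ACIDs outside a supplied scope list. The transcript is constructed from this article's output; USRA0001, RING0002 and the scope list are assumptions.

```python
import re

# Constructed sample: command/response pairs in the layout shown in this
# article. USRA0001 and RING0002 are hypothetical values added for contrast.
TRANSCRIPT = """\
TSS REM(SCAX0001) PROF(PROFIL01)
TSS0352E  ACID NOT OWNED WITHIN SCOPE
TSS0301I  REMOVE   FUNCTION FAILED, RETURN CODE =  8
TSS ADD(SCAX0001) KEYRING(RING0001) RINGDATA(CERTAUTH,ABCDE000)  USAGE(PERSONAL)
TSS0300I  ADD      FUNCTION SUCCESSFUL
TSS REM(SCAX0001) KEYRING(RING0001) RINGDATA(CERTAUTH,ABCDE000)
TSS0300I  REMOVE   FUNCTION SUCCESSFUL
TSS ADD(USRA0001) KEYRING(RING0002) RINGDATA(CERTAUTH,ABCDE000)
TSS0300I  ADD      FUNCTION SUCCESSFUL
"""

CMD = re.compile(r"^TSS\s+(ADD|REM(?:OVE)?)\((\w+)\)\s+(.*)$", re.I)
MSG = re.compile(r"^(TSS\d{4}[A-Z])\s+(.*)$")
RING = re.compile(r"KEYRING\((\w+)\)", re.I)

def parse(transcript):
    """Pair each TSS ADD/REM command with the message IDs that follow it."""
    entries = []
    for line in transcript.splitlines():
        line = line.strip()
        m = CMD.match(line)
        if m:
            ring = RING.search(m.group(3))
            entries.append({"verb": m.group(1).upper()[:3],
                            "acid": m.group(2).upper(),
                            "keyring": ring.group(1) if ring else None,
                            "msgs": []})
        elif entries and (m := MSG.match(line)):
            entries[-1]["msgs"].append(m.group(1))
    return entries

def out_of_scope_keyring_changes(transcript, in_scope_acids):
    """Successful KEYRING ADD/REM against ACIDs outside the given scope."""
    scope = {a.upper() for a in in_scope_acids}
    return [(e["verb"], e["acid"], e["keyring"]) for e in parse(transcript)
            if e["keyring"] and "TSS0300I" in e["msgs"]
            and e["acid"] not in scope]

if __name__ == "__main__":
    # Assumption: USRA0001 is the only ACID within LSCA0001's scope.
    for hit in out_of_scope_keyring_changes(TRANSCRIPT, ["USRA0001"]):
        print(hit)
```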