Is there a way to implement a new SERVAUTH resource (EZB.) with minimal impact to the system?
Release : 16.0
Component : CA Top Secret for z/OS
Yes. Define the resource with an owner, then permit it to the ALL record with auditing:
TSS ADD(dept) SERVAUTH(EZB.)
TSS PER(ALL) SERVAUTH(EZB.) ACC(ALL) ACTION(AUDIT)
where 'dept' is the department ACID you want to own the resource.
ACTION(AUDIT) on a permit logs an OK+A record to the audit file each time that permit is used to allow access to the resource. You can run this way for a while and periodically run TSSUTIL with:
REPORT EVENT(AUDTA) RESCLASS(SERVAUTH) RESOURCE(EZB.) END
to see the OK+A events for SERVAUTH(EZB.). From these events, you can permit the SERVAUTH resources to the users/profiles that need them. When you feel comfortable enough that all the appropriate SERVAUTH resources have been permitted, revoke the permit in the ALL record:
TSS REV(ALL) SERVAUTH(EZB.)
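The review step above can be scripted. The following is an added example, not part of the original article or of CA Top Secret: it collapses OK+A events into one candidate permit per ACID and resource for review before the ALL permit is revoked. It assumes the events have already been extracted from the TSSUTIL report into a simplified three-column form (ACID, requested access, resource); that layout, the ACIDs and the EZB. resource names in the sample are constructed, and the functions summarize and permit_commands are hypothetical helpers.

```python
from collections import defaultdict

# Constructed sample: a simplified extract of OK+A events, one per line, as
# "ACID ACCESS RESOURCE". This is an assumed layout, NOT the TSSUTIL report
# format; adapt the field parsing to the report produced on your system.
SAMPLE_EVENTS = """\
USER01  READ  EZB.STACKACCESS.SYSA.TCPIP
USER01  READ  EZB.STACKACCESS.SYSA.TCPIP
FTPSRV  READ  EZB.PORTACCESS.SYSA.TCPIP.FTPPORT
USER02  READ  EZB.STACKACCESS.SYSA.TCPIP
BATCH1  READ  SOMEOTHER.RESOURCE
"""

PREFIX = "EZB."  # resource prefix being rolled out


def summarize(text, prefix=PREFIX):
    """Group events by (ACID, resource), keeping access levels and a hit count."""
    seen = defaultdict(lambda: {"access": set(), "count": 0})
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 3:
            continue  # skip blank or malformed lines
        acid, access, resource = (f.upper() for f in fields)
        if not resource.startswith(prefix):
            continue  # ignore events for other resources
        entry = seen[(acid, resource)]
        entry["access"].add(access)
        entry["count"] += 1
    return dict(seen)


def permit_commands(summary):
    """Build one candidate TSS permit per (ACID, resource) pair for review."""
    cmds = []
    for (acid, resource), info in sorted(summary.items()):
        acc = ",".join(sorted(info["access"]))
        cmds.append(f"TSS PER({acid}) SERVAUTH({resource}) ACC({acc})")
    return cmds


if __name__ == "__main__":
    summary = summarize(SAMPLE_EVENTS)
    for (acid, resource), info in sorted(summary.items()):
        print(f"{info['count']:>4}  {acid:<8} {resource}")
    print()
    print("\n".join(permit_commands(summary)))
```

The generated commands are candidates only: check each ACID against who should have the access, and consider permitting to a profile instead of individual users where several ACIDs need the same resource.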