Is there a way to implement a new SERVAUTH resource (EZB.) with minimal impact to the system?

Release : 16.0

Component : CA Top Secret for z/OS

Start with:

TSS ADD(dept) SERVAUTH(EZB.)
TSS PER(ALL) SERVAUTH(EZB.) ACC(ALL) ACTION(AUDIT)

where 'dept' is the department ACID you want to own the resource.

ACTION(AUDIT) on a permit will log an OK+A record to the audit file when that permit is used to allow access to the resource. You can run this way for a while and periodically run TSSUTIL with:

REPORT EVENT(AUDTA) RESCLASS(SERVAUTH) RESOURCE(EZB.) END

to see the OK+A events for SERVAUTH(EZB.). From these events, you can permit the SERVAUTH resources to the users/profiles that need them. When you feel comfortable enough that all the appropriate SERVAUTH resources have been permitted, revoke the permit in the ALL record:

TSS REV(ALL) SERVAUTH(EZB.)