Authority Needed To Shutdown/Restart Top Secret Started Task
search cancel

Authority Needed To Shutdown/Restart Top Secret Started Task

book

Article ID: 226826

calendar_today

Updated On:

Products

Top Secret

Issue/Introduction

When doing a P TSS to do a temporary shutdown of Top Secret, the following prompt is sometimes issued:

TSS9080A ENTER OPERATOR ID/PASSWORD FOR MODIFY ACCOUNTABILITY

What authorizations/permissions are need on the 'ID' specified in the reply in order to shutdown/restart the Top Secret started task (STC). Some examples of when this is needed:

  • Implement changes in the Top Secret parameter file.
  • Applying Top Secret maintenance.

    Why is the prompt issed sometimes and not others?

Resolution

The WTOR (TSS9080A) is issued when:
1) No acid is defined for the console OR
2) An acid is defined for the console but it doesn't have the CONSOLE attribute or PRIVILEG access to CASECAUT(TSSCMD.ADMIN.MODIFY).

When replying to the TSS9080A, the userid in the 'userid/password' specified needs 1 of the following to shut down Top Secret:

1) CONSOLE attribute (TSS ADD(acid) CONSOLE ).
2) PRIVILEG access to TSSCMD.ADMIN.MODIFY in the CASECAUT resource class:

TSS PER(acid) CASECAUT(TSSCMD.ADMIN.MODIFY) ACC(PRIVILEG)

Either of the above on an ACID allows the ACID to modify Top Secret control options via F TSS,xxx from the console or TSS MODIFY xxx from anywhere a TSS command can be issued (ie option 6 of TSO) as well as shutdown Top Secret.

The reason that the TSS9080A message is sometimes issued and not others depends on whether the Console name matches the user perfoming the shut down.  If the user and the Console name match then the user does not have to verify their credentials(password). 
For example: 

You can specify in the CONSOLxx member of SYS1.PARMLIB

        LOGON(AUTO),  
        NAME(CONUSER),  
 
and CONUSER will be logged onto the console.
 
Or, you can issue the LOGON command form the console and that userid will be used and the Console and the user will match:
 
LOGON
 
IEE187I ENTER LOGON PARAMETERS  
LOGON          PASSWORD        
GROUP          SECLABEL        
 
The CONSOLE address space saves the security environment for users that logon to the console (using an ENVROUT area
extracted from the users security environment.
So if you logoff a user from the console
LOGOFF
the console address space remembers the last userid used and will use that for the next verification, the TSS9080A message will not be issued.