search cancel

Need to give a user authority to define, update and delete IBMFAC and XFACILIT.

book

Article ID: 240375

calendar_today

Updated On:

Products

Top Secret

Issue/Introduction

 need to give a user authority to define, update and delete profiles in IBMFAC and XFACILIT.

How do I do that. 

Environment

Release : 16.0

Component : Top Secret for z/OS

Resolution

1. The Admin Authority RESOURCE(XAUTH) allows the administrator to PERMIT or REVOKE resources for
    acids under its scope of control. example ACCESS(READ) limits the access level
    that can be permitted to READ.
    ACCESS(ALL) can permit ALL

ACTION(ADMIN)

The ACTION(ADMIN) keyword gives the security administrator the ability to allow ACIDs 
within his scope the authority to administer resources that are not within the permitted ACID's scope. 
If an access level is not specified, Top Secret permits the default access level for that resource class.
Note: ACTION(ADMIN) is not valid for Profile type ACIDs.

(The user also needs RESOURCE(XAUTH) admin authority.)

example

=> tss per(test001) XFACILIT(HZS) acc(update) ACTION(ADMIN)
=> tss per(test001) ibmfac(LDAPTST) acc(update) ACTION(ADMIN)

-----------  ADMINISTRATION AUTHORITIES
 RESOURCE   = XAUTH
    ACCESS  = ALL
 -----------  EXTENDED ADMINISTRATION AUTHORITIES
 IBMFAC     = LDAPTST                                       
    ACCESS  = UPDATE
 XFACILIT   = HZS                                          
    ACCESS  = UPDATE

The issue with ACTION(ADMIN) is you can't issue a PER(XFACILIT or IBMFAC) all  or TSS PER() IBMFAC(*) or IBMFAC(ALL)