need to give a user authority to define, update and delete profiles in IBMFAC and XFACILIT.
How do I do that.
Release : 16.0
Component : Top Secret for z/OS
1. The Admin Authority RESOURCE(XAUTH) allows the administrator to PERMIT or REVOKE resources for
acids under its scope of control. example ACCESS(READ) limits the access level
that can be permitted to READ.
ACCESS(ALL) can permit ALL
ACTION(ADMIN)
The ACTION(ADMIN) keyword gives the security administrator the ability to allow ACIDs
within his scope the authority to administer resources that are not within the permitted ACID's scope.
If an access level is not specified, Top Secret permits the default access level for that resource class.
Note: ACTION(ADMIN) is not valid for Profile type ACIDs.
(The user also needs RESOURCE(XAUTH) admin authority.)
example
=> tss per(test001) XFACILIT(HZS) acc(update) ACTION(ADMIN)
=> tss per(test001) ibmfac(LDAPTST) acc(update) ACTION(ADMIN)
----------- ADMINISTRATION AUTHORITIES
RESOURCE = XAUTH
ACCESS = ALL
----------- EXTENDED ADMINISTRATION AUTHORITIES
IBMFAC = LDAPTST
ACCESS = UPDATE
XFACILIT = HZS
ACCESS = UPDATE
The issue with ACTION(ADMIN) is you can't issue a PER(XFACILIT or IBMFAC) all or TSS PER() IBMFAC(*) or IBMFAC(ALL)