search cancel

Impact on removing SCA ACID

book

Article ID: 254382

calendar_today

Updated On:

Products

Top Secret - VSE Top Secret

Issue/Introduction

Have one of SCA which resigned from the bank, this SCA admin a lot of Profiles and Facilities, if we remove this SCA then the Profiles and Facilities will be gone, and will cause a lot of problems. Really want to remove this SCA acid, and need to know how to transfer the ADMIN BY of this SCA acid to other first before remove this SCA acid.

 

  

Environment

Release : 3.0, 16.0

Resolution

  • Regarding wanting to remove this SCA acid, and need to know how to transfer the ADMIN BY of this SCA acid to other first before remove this SCA acid?

Answer:

You don't transfer it's a Control Option so any Sec Admin doing a create, permit, add....ect will show who (what ACID) issued the command 

example:

TSS ADD(acid) FAC(facname)
then
 TSS LIST(acid)....will show who issued the command and when they did it

FACILITY   = facname
    ADMIN BY= BY(acid    )    SMFID(xxxx)   ON(mm/dd/yyyy)  AT(hh:mm:ss)

ADMINBY—Record Administration Information

If you have the ADMINBY control option set, there will be ADMINBY
 information stored when an ACID is CREATEd, when FACILITY is ADDed,
 and when resources are PERMITTed. when you list the profile, the
 ADMINBY information will include:
 * Administrative ACID who performed the change
 * Date, time and system SMFID where the change was performed
 
 To see if you have the ADMINBY control option set, you can issue
 TSS MODIFY and look for ADMINBY(YES). (If you see ADMINBY(NO), then
 this is not set.)

******************************************************************************************

  • Regarding having one of SCA which resigned from the bank, this SCA admin a lot of Profiles and Facilities, if we remove this SCA then the Profiles and Facilities 
    will gone, and will cause a lot of problems.

Answer:
Profile and Facilities  Should not cause  problem, Profiles are normally Owned by a Department .
If they want to be safe just they can create a new acid for the replacement. 

TSS CRE(new SCA) USING(old SCA) NAME('new name') pass(xxx) ect....

They need to determine why the SCA needed all the Profile and Facilities, list out the Profiles and see who owns them and what other ACIDS are attached.

Was this client's job only to be a Sec Admin or was this a side job and the client also had another job and the Profile and Facilities were needed for that second job...they need to investigate.

TSS LIS(PROF) DATA(ALL)
example this shows only 1 SCA has it notice DEPT ACID  = CMGR3DPT  OWNS it:

ACCESSORID = CMAD3PRF  NAME       = CMGR ADMIN PROFILE
 TYPE       = PROFILE   SIZE       =      512  BYTES
 DEPT ACID  = CMGR3DPT  DEPARTMENT = CMGR DEPARTMENT
 CREATED    = 09/08/14  17:23  LAST MOD   = 09/08/14  17:23
 XA DTUTIL  = CM3MUF.                                       OWNER(CMDC3DPT)
    ACCESS  = ALL
 XA DTADMIN = CM3MUF.                                       OWNER(CMDC3DPT)
    ACCESS  = ALL
 XA DATASET = CHORINST.CHRSEC.DCOM.CAAXLOAD                 OWNER(DSI3DPT )
    ACCESS  = READ
 XA DATASET = CHRSEC.CHRSEC30.CM3MUF.                       OWNER(LDAP3DPT)
    ACCESS  = ALL
 XA DATASET = CHRSEC.CHRSEC30.CM3MUF.DB.                    OWNER(LDAP3DPT)
    ACCESS  = ALL
 XA DATASET = CHRSEC.CHRSEC30.CM3MUF.MUF.CUSLIB             OWNER(LDAP3DPT)
    ACCESS  = READ
 XA DCTABLE = CM3MUF.                                       OWNER(LDAP3DPT)
    ACCESS  = ALL
 ACIDS      = HOGWA01 -SC
 
 TSS0300I  LIST     FUNCTION SUCCESSFUL