Access Needed For Top Secret SCA Acid To Reset MSCA Acid?
search cancel

Access Needed For Top Secret SCA Acid To Reset MSCA Acid?

book

Article ID: 32461

calendar_today

Updated On:

Products

Top Secret Top Secret - LDAP

Issue/Introduction

What access is needed to allow an SCA ACID to reset the password for the Master (MSCA) ACID?                                     

Environment

Release: TOPSEC00200-15-Top Secret-Security
Component:

Resolution

To set a new password for the MSCA using TSS ADDTO or REPLACE, an SCA must have UPDATE access to entity TSSCMD.USER.cmd.MSCAPW in the CASECAUT class, where 'cmd' is the command being issued.

For example:
TSS PERMIT(sca_acid) CASECAUT(TSSCMD.USER.REPLACE.MSCAPW) ACCESS(UPDATE)

or

TSS PER(sca_acid) CASECAUT(TSSCMD.USER.ADD.MSCAPW)  ACCESS(UPDATE)

Additional Information

https://techdocs.broadcom.com/us/en/ca-mainframe-software/security/ca-top-secret-for-z-os/16-0/administrating/creating-security-administrators/restricted-administrative-authorities-casecaut-resource-class.html

Powered by Wolken Software