Top Secret Equivalents Of RACF Commands For DB2 ENCRYPT_DATAKEY

Article ID: 399399

Products

Top Secret

Issue/Introduction

What are the Top Secret equivalents of the following RACF commands for DB2 ENCRYPT_DATAKEY?

1) Set up the RACF classes and define a generic RACF profile for all key labels

SETR CLASSACT(CSFKEYS CSFSERV CRYPTOZ)
SETR GENERIC(CSFKEYS CSFSERV CRYPTOZ)
SETR RACLIST(CSFKEYS CSFSERV CRYPTOZ)
RDEFINE CSFKEYS * UACC(NONE) ICSF(SYMCPACFWRAP(YES) SYMCPACFRET(YES))

2) Permit the use of a specific key label

PERMIT xxxx.yyyy.zzzz CLASS(CSFKEYS) ID(userid) ACCESS(READ)
SETR RACLIST(CSFKEYS CSFSERV CRYPTOZ) REFRESH

Resolution

1) Define the CSFKEYS resource to Top Secret

TSS ADD(dept) CSFKEYS(xxxx)

Where ‘xxxx’ is a prefix of the CSFKEYS resource name(s) you want to define (up to 26 characters can be specified in the resource name on the TSS ADD command for the CSFKEYS resource class). For example, before the resource in step 2 can be permitted, a prefix of that resource name must be owned:

TSS ADD(dept) CSFKEYS(xxxx.yyyy.zzzz)

2) Permit the use of a specific key label

TSS PERMIT(userid) CSFKEYS(xxxx.yyyy.zzzz) ACCESS(READ) SYMCPACFWRAP(YES) SYMCPACFRET(YES)
TSS REFRESH(userid) JOBNAME(*)

(Up to 246 characters can be specified in the resource name on the TSS PERMIT command for the CSFKEYS resource class.)
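
The mapping above can be applied in bulk when a site has many CSFKEYS permits to migrate. The following is an added example, not code from the article or from Broadcom: it turns RACF PERMIT lines of the form shown in the Issue section into the TSS ADD, PERMIT and REFRESH commands from the Resolution, applying the 26 and 246 character limits. The department name, key labels and user IDs are placeholders, and the SYMCPACFWRAP/SYMCPACFRET values are assumed to be taken from the ICSF segment of the covering RACF profile.

```python
import re

OWN_MAX = 26      # TSS ADD limit for a CSFKEYS resource name (from the article)
PERMIT_MAX = 246  # TSS PERMIT limit for a CSFKEYS resource name (from the article)

# The RACF form shown in the article: PERMIT label CLASS(CSFKEYS) ID(userid) ACCESS(READ)
RACF_PERMIT = re.compile(
    r"^\s*PERMIT\s+(?P<label>\S+)\s+CLASS\(CSFKEYS\)\s+"
    r"ID\((?P<ids>[^)]+)\)\s+ACCESS\((?P<access>\w+)\)\s*$", re.IGNORECASE)

def racf_to_tss(racf_lines, dept, wrap="YES", ret="YES"):
    """Translate RACF CSFKEYS PERMITs; returns (tss_commands, skipped)."""
    owned, permits, users, skipped = [], [], [], []
    for line in racf_lines:
        m = RACF_PERMIT.match(line)
        if not m:
            skipped.append((line, "not a CSFKEYS PERMIT in the article's form"))
            continue
        label = m["label"].upper()
        if "*" in label or "%" in label:
            # Assumption: generic RACF profiles are reviewed by hand, not translated.
            skipped.append((line, "generic profile, map manually"))
            continue
        if len(label) > PERMIT_MAX:
            skipped.append((line, f"label exceeds {PERMIT_MAX} characters"))
            continue
        # A prefix of the label must be owned; reuse one that already covers it.
        if not any(label.startswith(p) for p in owned):
            owned.append(label[:OWN_MAX])
        for uid in re.split(r"[,\s]+", m["ids"].strip().upper()):
            permits.append(
                f"TSS PERMIT({uid}) CSFKEYS({label}) ACCESS({m['access'].upper()}) "
                f"SYMCPACFWRAP({wrap}) SYMCPACFRET({ret})")
            if uid not in users:
                users.append(uid)
    cmds = [f"TSS ADD({dept}) CSFKEYS({p})" for p in owned]
    cmds += permits + [f"TSS REFRESH({u}) JOBNAME(*)" for u in users]
    return cmds, skipped

if __name__ == "__main__":
    SAMPLE = [  # constructed input: key labels and user IDs are placeholders
        "PERMIT DB2A.ENCRYPT.KEY01 CLASS(CSFKEYS) ID(DB2AMSTR) ACCESS(READ)",
        "PERMIT DB2A.ENCRYPT.KEY01.ARCHIVE2024 CLASS(CSFKEYS) ID(DBA1 DBA2) ACCESS(READ)",
        "PERMIT DB2A.* CLASS(CSFKEYS) ID(DBA3) ACCESS(READ)",
    ]
    commands, skipped = racf_to_tss(SAMPLE, dept="SECDEPT")
    print("\n".join(commands))
    for line, why in skipped:
        print(f"SKIPPED ({why}): {line}")
```

Review the skipped list before running the generated commands, since generic profiles and anything outside the article's PERMIT form are not translated.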