CA Top Secret for z/OS Do you have to a TYPE(SCA) acid to issue the GENCERT command for CERTSITE?
Article ID: 40975
Top Secret - LDAP
Do you have to a TYPE(SCA) acid to issue the GENCERT command for CERTSITE?
No, the ACID will need the following administrative authorities:
Administrators must have
Security - Permissions
ACID(MAINTAIN) and MISC4(CERTGEN) for users within their scope
MISC4(CERTSITE) for CERTSITE ACID
MISC4(CERTAUTH) for CERTAUTH ACID
Administrators without the previous authorities can issue the GENCERT command if they have:
– UPDATE access to TSSCMD.CERTUSER.GENCERT in the CASECAUT resource class when the certificate is associated with a user ACID
– UPDATE access to TSSCMD.CERTSITE.GENCERT in the CASECAUT resource class when generating a site certificate
– UPDATE access to TSSCMD.CERTAUTH.GENCERT in the CASECAUT resource class when generating a certificate-authority certificate
Release: TOPSEC00200-15-Top Secret-Security