ALERT: Some images may not load properly within the Knowledge Base Article. If you see a broken image, please right-click and select 'Open image in a new tab'. We apologize for this inconvenience.
CA Top Secret for z/OS Do you have to a TYPE(SCA) acid to issue the GENCERT command for CERTSITE?
Article ID: 40975
Top Secret - LDAP
Do you have to a TYPE(SCA) acid to issue the GENCERT command for CERTSITE?
No, the ACID will need the following administrative authorities:
Administrators must have
Security - Permissions
ACID(MAINTAIN) and MISC4(CERTGEN) for users within their scope
MISC4(CERTSITE) for CERTSITE ACID
MISC4(CERTAUTH) for CERTAUTH ACID
Administrators without the previous authorities can issue the GENCERT command if they have:
– UPDATE access to TSSCMD.CERTUSER.GENCERT in the CASECAUT resource class when the certificate is associated with a user ACID
– UPDATE access to TSSCMD.CERTSITE.GENCERT in the CASECAUT resource class when generating a site certificate
– UPDATE access to TSSCMD.CERTAUTH.GENCERT in the CASECAUT resource class when generating a certificate-authority certificate
Release: TOPSEC00200-15-Top Secret-Security