CA Top Secret for z/OS: Do you need a TYPE(SCA) ACID to issue the GENCERT command for CERTSITE?


Article ID: 40975


Products

CA Top Secret, CA Top Secret - LDAP

Issue/Introduction

Question:
 
Do you need a TYPE(SCA) ACID to issue the GENCERT command for CERTSITE?
 
Answer:
 
No, the ACID will need the following administrative authorities:
 
Administrators must have the following security permissions:
– ACID(MAINTAIN) and MISC4(CERTGEN) for users within their scope
– MISC4(CERTSITE) for the CERTSITE ACID
– MISC4(CERTAUTH) for the CERTAUTH ACID
 
Administrators without the previous authorities can issue the GENCERT command if they have: 
– UPDATE access to TSSCMD.CERTUSER.GENCERT in the CASECAUT resource class when the certificate is associated with a user ACID 
– UPDATE access to TSSCMD.CERTSITE.GENCERT in the CASECAUT resource class when generating a site certificate 
– UPDATE access to TSSCMD.CERTAUTH.GENCERT in the CASECAUT resource class when generating a certificate-authority certificate 
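
The two routes above for the site-certificate case, as an added example that is not from this article or from the vendor: a REXX exec that grants one route to a non-SCA ACID and then lists the result so the grant can be reviewed. The ACID name CERTADM is hypothetical, and the exec assumes the TSSCMD resource in the CASECAUT class is already owned at your site and that you run it from an ACID allowed to administer the target.

```rexx
/* REXX */
/* Added example, not from the article or the vendor.                */
/* CERTADM is a hypothetical ACID name used as the default target.   */
/* Usage: exec-name acid method   (method = MISC4 or CASECAUT)       */
parse upper arg acid method .
if acid   = '' then acid   = 'CERTADM'     /* hypothetical default   */
if method = '' then method = 'CASECAUT'    /* narrower of the two    */

n = 0
if method = 'MISC4' then do
  /* Route 1: administrative authority over the CERTSITE ACID        */
  n = n + 1
  cmd.n = "TSS ADMIN("acid") MISC4(CERTSITE)"
end
else do
  /* Route 2: no administrative authority; UPDATE access to the      */
  /* GENCERT command resource for site certificates only             */
  n = n + 1
  cmd.n = "TSS PERMIT("acid") CASECAUT(TSSCMD.CERTSITE.GENCERT)",
          "ACCESS(UPDATE)"
end

/* Review what the ACID now holds and who else can generate site     */
/* certificates through the CASECAUT route                           */
n = n + 1
cmd.n = "TSS LIST("acid") DATA(ADMIN)"
n = n + 1
cmd.n = "TSS WHOHAS CASECAUT(TSSCMD.CERTSITE.GENCERT)"

do i = 1 to n
  say '>>>' cmd.i
  address TSO cmd.i
  if rc <> 0 then do
    /* Stop at the first failure so a partial grant is noticed       */
    say 'Command failed, rc='rc
    exit rc
  end
end
exit 0
```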
 

Environment

Release: TOPSEC00200-15-Top Secret-Security