The TSSAUDIT batch utility allows an auditor to monitor changes to the CA Top Secret security file.
The type of security information generated by the report depends on the control statements that you specify.
When you use the CHANGES control statement you will see a report similar to this:
CHANGER DATE TIME SYSID TYPE COMMAND/IMAGE
======= ====== ====== ===== ==== =======================================
*MASTER* 12.10.15 01:02:03 XE14 CMND TSS ADD(USER1) HOME(/u/car) OMVSPGM(/bin/sh) UID(?) /*FROM OMVS AUTO ASSIGNMENT*/
The CHANGER is the ACID who made the change.
Why in TSSAUDIT output sometimes the acid *MASTER* appears in the CHANGER field ?
Release: 16.0 -Top Secret-Security
Operating System : Z/OS
Product: CA Top Secret for z/OS (All supported releases)
*MASTER*in the below examples means CA Top Secret issued the TSS command. If the MSCA name was changed then it will reflect the site specific name for the MSCA.
Example1: With zOS 2.1 and above, CA Top Secret has the ability to assign a UID to user when they signon if they don't have UID.
Behind the scenes, CA Top Secret will issue a TSS ADD(xxxx) UID(xxxx) for the user.
Example 2: Let's say a user causes too many violations. CA Top Secret will suspend the acid.
Behind the scenes a TSS ADD(xxxx) SUSPEND will be done.
When *MASTER* (or whatever the name is for the MSCA) there was an automated process done by CA Top Secret.
More information about the TSSAUDIT utility can be found in the documentation.