What are the Top Secret equivalents of the following RACF commands:

PERMIT IRR.DIGTCERT.LIST CLASS(FACILITY) ID(userid) ACCESS(CONTROL)

RACDCERT CERTAUTH LIST(SERIALNUMBER(00) +
SUERSDN('CN=STG Code Signing CA - G2.OU=IBM Code Signing.O=IBM Corp+
 oration.C=US')

RACDCERT CERTAUTH +
 ALTER(LABEL('STG Code Signing CA - G2')) TRUST

RACDCERT ID(userid) ADDRING(IBM.package.signature.verification)
RACDCERT ID(userid) CONNECT( CERTAUTH +
 LABEL('STG Code Signing CA - G2') +
 RING(IBM.package.signature.verification) +
 USAGE(CERTAUTH) )

PERMIT IRR.DIGTCERT.LISTRING CLASS(FACILITY) ID(userid) ACCESS(READ)

SETROPTS CLASSACT(DIGTCERT DIGTRING)

SETROPTS RACLIST(DIGTCERT DIGTRING) REFRESH

Here are the RACF commands and the Top Secret equivalent commands (in red):

PERMIT IRR.DIGTCERT.LIST CLASS(FACILITY) ID(userid) ACCESS(CONTROL)

TSS Equivalent:
TSS PERMIT(userid) IBMFAC(IRR.DIGTCERT.LIST) ACCESS(CONTROL)

RACDCERT CERTAUTH LIST(SERIALNUMBER(00) +
SUERSDN('CN=STG Code Signing CA - G2.OU=IBM Code Signing.O=IBM Corp+
 oration.C=US')

TSS Equivalent
TSS LIST(CERTAUTH) DIGICERT(digicert)

where 'digicert' is the certificate name for the STG Code Signing Certificate Authority - G2 certificate

RACDCERT CERTAUTH +
 ALTER(LABEL('STG Code Signing CA - G2')) TRUST

TSS Equivalent
TSS ADD(CERTAUTH) DIGICERT(digicert) TRUST

RACDCERT ID(userid) ADDRING(IBM.package.signature.verification)
RACDCERT ID(userid) CONNECT( CERTAUTH +
 LABEL('STG Code Signing CA - G2') +
 RING(IBM.package.signature.verification) +
 USAGE(CERTAUTH) )

TSS Equivalent
TSS ADD(userid) KEYRING(ringname) LABLRING('IBM.package.signature.verification')
TSS ADD(userid) KEYRING(ringname) RINGDATA(CERTAUTH,digicert) USAGE(CERTAUTH)

PERMIT IRR.DIGTCERT.LISTRING CLASS(FACILITY) ID(userid) ACCESS(READ)

TSS Equivalent
TSS PERMIT(userid) IBMFAC(IRR.DIGTCERT.LISTRING) ACCESS(READ)

SETROPTS CLASSACT(DIGTCERT DIGTRING)

No TSS Equivalent. Not required in Top Secret.

SETROPTS RACLIST(DIGTCERT DIGTRING) REFRESH

No TSS Equivalent. Not required in Top Secret.