During the installation of TPX 5.5, security groups often require clarification on the specific requirements for the 'TPXADMIN' user ID within the External Security Manager (ESM), such as Top Secret (TSS).

• TPX for Z/OS

The 'TPXADMIN' user ID is a mandatory requirement for administrative access to internal TPX menu.

The following commands provides a sample template how to create a 'TPXADMIN' ID

TSS CRE(TPXADMIN) TYPE(USER) NAME('TPX ADMIN') DEPT([yourdept]) PASSWORD([password])
TSS ADDTO(TPXADMIN) FAC(TPX)
TSS ADDTO(TPXADMIN) FAC(TSO)

In release 5.5 the TPX security trace, SECDEBG, has been protected by default. This should only be run at the request of TPX support.

Further, to limit access to MEM command, a new resource class, TPXAUTH has been introduced. Resource rules need to be created in order to allow access to administrators to MEM command and security trace function as identified above.

See sample below for setting up access to TPXAUTH resource

TSS ADD(RDT) RESCLASS(TPXAUTH) ACLST(ALL,UPDATE=6000,READ,NONE)
TSS ADD([owner-id]) TPXDEMO(MEMORY)
TSS PER([user-id]) TPXAUTH(MEMORY) ACCESS(UPDATE)