How to limit an administrative acid so it can only reset passwords?
search cancel

How to limit an administrative acid so it can only reset passwords?

book

Article ID: 44921

calendar_today

Updated On:

Products

Top Secret Top Secret - LDAP

Issue/Introduction

Question:

Is there a way to limit an administrative acid so it can only reset passwords?

Answer:

Do 1 of the following: 

1) TSS ADD(dept) CASECAUT(TSSCMD.USER.REPLACE.PASSWO) (if not already owned) 

The TSS ADD command is limited to 26 character resource names for CASECAUT. 

TSS PER(acid) CASECAUT(TSSCMD.USER.REPLACE.PASSWORD) 

2) Or give the acid MISC8(PWMAINT) admin authority, which authorizes the administrator to do password maintenance on acids within their scope. This will allow the use of the PASSWORD keyword on any command, or the SUSPEND keyword on the REMOVE command, without specifying ACID(MAINTAIN) or MISC1(SUSPEND). 

Additional Information:

Please see the CA Top Secret User Guide for more information on the CASECAUT resource class and the MISC8(PWMAINT) admin authority.

Environment

Release: TOPSEC00200-15-Top Secret-Security
Component: