Do both regular cache and Seccache need to be cleared to reset a user's security environment or is the TSS REFRESH command good enough?
Release: TOPSEC00200-16-Top Secret-Security
Most of the time, TSS REFRESH is the only process necessary to rebuild a current version of the user's security environment.
When a rebuild is required, both the SECCACHE and CACHE have checks to see if the user records they hold are current.
When they are not current due to some user administration of permissions, the old records are discarded and new ones are read in and the user security environment is rebuilt to reflect the latest changes.
With the TSS REFRESH command, there are instances where a user record may not be refreshed across all address spaces / jobs when requested. For example:
1) The address space is multi-user (CICS, for example) and MAXUSER is not set large enough. In that case you can have users who are not registered in the ACID cross reference table (message TSS0962E is displayed on the console). The REFRESH process uses this table to find the user. Users who are not in the table cannot be refreshed remotely; they would need to issue the TSS REFRESH command locally themselves.
2) The address space is unavailable for any reason (swapped out, or storage not available due to system conditions). Status messages are then sent to the issuer of the REFRESH command and the address space is skipped. Again, the user can typically REFRESH themselves locally in an address space by entering their own TOP SECRET REFRESH command.
If you encounter cases where the TSS REFRESH command does not seem to be working, contact Broadcom support.
REFRESH Function—Renew ACIDs Techdoc