What Top Secret permits and access levels are needed to list and read a keyring within UNIX?

The permits needed to be given to the owner of the keyring are:

IBMFAC(IRR.DIGTCERT.LIST) 

and

IBMFAC(IRR.DIGTCERT.LISTRING) 

The access level depends on whether the personal (also called site) certificate is owned by the owner of the keyring or by Certsite.

If owned by the owner of the keyring than Update access is needed:

TSS PERMIT(acid) IBMFAC(IRR.DIGTCERT.LIST) ACC(UPDATE)

TSS PERMIT(acid) IBMFAC(IRR.DIGTCERT.LISTRING) ACC(UPDATE)

If the owner of the personal/site certificate is Certsite then Control access is needed:

TSS PERMIT(acid) IBMFAC(IRR.DIGTCERT.LIST) ACC(CONTROL)

TSS PERMIT(acid) IBMFAC(IRR.DIGTCERT.LISTRING) ACC(CONTROL)

 The personal/site certificate must be owned by the owner of the keyring or by Certsite.   If owned by another acid then the personal key will not be available to the owner of the keyring.