TSS Refresh(Region acid) Doesn't work.
search cancel

TSS Refresh(Region acid) Doesn't work.

book

Article ID: 49953

calendar_today

Updated On:

Products

Cleanup Datacom DATACOM - AD CIS COMMON SERVICES FOR Z/OS 90S SERVICES DATABASE MANAGEMENT SOLUTIONS FOR DB2 FOR Z/OS COMMON PRODUCT SERVICES COMPONENT Common Services CA ECOMETER SERVER COMPONENT FOC Easytrieve Report Generator for Common Services INFOCAI MAINTENANCE IPC UNICENTER JCLCHECK COMMON COMPONENT Mainframe VM Product Manager CHORUS SOFTWARE MANAGER CA ON DEMAND PORTAL CA Service Desk Manager - Unified Self Service PAM CLIENT FOR LINUX ON MAINFRAME MAINFRAME CONNECTOR FOR LINUX ON MAINFRAME GRAPHICAL MANAGEMENT INTERFACE WEB ADMINISTRATOR FOR TOP SECRET Xpertware Top Secret Top Secret - LDAP Top Secret - VSE

Issue/Introduction

 

Question:

 

Why a permission to a region acid of a started task does only take effect when it is paused and then started again?

The CA Top Secret command: TSS REFRESH of the acid does not seem to work.

 

Answer:

 

The issue will be issue, if a end-user application uses the region Acid to do security check at task level.

I.e. create a security environment for a TCB (Task Control Block). In other words performs a sign-on and anchors the ACEE address to the TCBSENV field.

When a security call occurs without a security environment passed along, CA Top Secret searches for a security environment to make this validation.

To do this CA Top Secret:

  1. First checks whether there is a security environment at task level.

  2. If it doesn't exist, CA Top Secret will check the region level.

And here, there is a security environment at task (TCB) level. So CA Top Secret used it to make the validation regardless of the security environment at region level.

Generally when you modify an acid security environment, i.e. giving or removing authorization, you can use the TSS REFRESH command to make the changes effective immediately.

In this case, it doesn't work because TSS REFRESH doesn't scan the TCBs. CA Top Secret only scan the security environment at the region (Address space) level and its "security environment cross table" in a multi users region to refresh acid. The REFRESH command also works for 3rd-party racheck.

If this TCB doesn't have a security environment, CA Top Secret will take the region security environment to make the validation and it would work.

 

Additional Information:

 

 

 For CA Top Secret r15.0, refer to CA Top Secret for z/OS Command Guide; chapter #2 Command Functions --> REFRESH function for more details about REFRESH command.

 

For CA Top Secret r16.0 go to docops.ca.com site; signon; choose your product CA Top Secret for z/OS - 16.0; click on "Using" link; then click on "Issuing Commands to communicate Administrative requirements" link; then click on "Command Functions"; then click on "REFRESH Function" link to have more information about REFRESH command.

 

Environment

Release: TOPSEC00200-15-Top Secret-Security
Component:
Powered by Wolken Software