TSS REFRESH (region ACID) doesn't work


Article ID: 49953







Why does a permission granted to the region ACID of a started task take effect only when the task is paused and then started again?

The CA Top Secret command TSS REFRESH for the ACID does not seem to work.




The issue occurs if an end-user application uses the region ACID to do security checks at task level.

That is, the application creates a security environment for a TCB (Task Control Block). In other words, it performs a sign-on and anchors the ACEE address in the TCBSENV field.

When a security call occurs without a security environment passed along, CA Top Secret searches for a security environment to make this validation.

To do this, CA Top Secret:

  1. First checks whether there is a security environment at task level.

  2. If it doesn't exist, CA Top Secret will check the region level.

In this case, there is a security environment at task (TCB) level, so CA Top Secret uses it to make the validation, regardless of the security environment at region level.

Generally, when you modify an ACID's security environment, i.e. by giving or removing an authorization, you can use the TSS REFRESH command to make the changes effective immediately.

In this case, it doesn't work because TSS REFRESH doesn't scan the TCBs. To refresh an ACID, CA Top Secret scans only the security environment at the region (address space) level and, in a multi-user region, its "security environment cross table". The REFRESH command also works for third-party RACHECK.

If this TCB didn't have a security environment, CA Top Secret would take the region security environment to make the validation, and the refresh would work.
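
The lookup order and the scope of the refresh described above can be modelled in a few lines of Python. This is an added illustration, not CA Top Secret code: the class and function names, the ACID STCACID and the resource names are assumptions, and the multi-user cross table is left out.

```python
from dataclasses import dataclass, field
from typing import Optional

@dataclass
class Acee:                      # snapshot of an ACID's permissions, built at sign-on
    acid: str
    permits: frozenset

@dataclass
class Tcb:
    name: str
    tcbsenv: Optional[Acee] = None   # task-level environment; None if never signed on

@dataclass
class AddressSpace:
    region_acee: Acee
    tcbs: list = field(default_factory=list)

def signon(secfile, acid):
    """Build a fresh environment from the current security file contents."""
    return Acee(acid, frozenset(secfile[acid]))

def resolve(asp, tcb):
    """Lookup order from the article: task level first, then region level."""
    return tcb.tcbsenv if tcb.tcbsenv is not None else asp.region_acee

def refresh(secfile, asp, acid):
    """Modelled REFRESH: rebuilds the region-level environment, never scans TCBs."""
    if asp.region_acee.acid == acid:
        asp.region_acee = signon(secfile, acid)

def stale_tcbs(secfile, asp):
    """Tasks whose own environment no longer matches the security file."""
    return [t.name for t in asp.tcbs if t.tcbsenv is not None
            and t.tcbsenv.permits != frozenset(secfile[t.tcbsenv.acid])]

def demo():
    secfile = {"STCACID": {"DATASET.A"}}                # constructed sample data
    asp = AddressSpace(signon(secfile, "STCACID"))
    worker = Tcb("WORKER", signon(secfile, "STCACID"))  # application signed on at task level
    plain = Tcb("PLAIN")                                # no task-level environment
    asp.tcbs += [worker, plain]
    secfile["STCACID"] = {"DATASET.B"}                  # admin permits B and removes A
    refresh(secfile, asp, "STCACID")
    allowed = {t.name: sorted(resolve(asp, t).permits) for t in asp.tcbs}
    return allowed, stale_tcbs(secfile, asp)

if __name__ == "__main__":
    print(demo())
```

In the model, the task that signed on keeps the removed permission and lacks the new one until its environment is rebuilt, while the task without its own environment follows the refreshed region level.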


Additional Information:



For CA Top Secret r15.0, refer to the CA Top Secret for z/OS Command Guide, chapter 2 "Command Functions", REFRESH function, for more details about the REFRESH command.


For CA Top Secret r16.0, go to the docops.ca.com site; sign on; choose your product, CA Top Secret for z/OS - 16.0; click the "Using" link; then click the "Issuing Commands to communicate Administrative requirements" link; then click "Command Functions"; then click the "REFRESH Function" link for more information about the REFRESH command.



Release: TOPSEC00200-15-Top Secret-Security