search cancel

How To Bypass USS Security In Warn Or Dorm Mode?

book

Article ID: 50380

calendar_today

Updated On:

Products

Cleanup Datacom DATACOM - AD CIS COMMON SERVICES FOR Z/OS 90S SERVICES DATABASE MANAGEMENT SOLUTIONS FOR DB2 FOR Z/OS COMMON PRODUCT SERVICES COMPONENT Common Services CA ECOMETER SERVER COMPONENT FOC EASYTRIEVE REPORT GENERATOR FOR COMMON SERVICES INFOCAI MAINTENANCE IPC UNICENTER JCLCHECK COMMON COMPONENT Mainframe VM Product Manager CHORUS SOFTWARE MANAGER CA ON DEMAND PORTAL CA Service Desk Manager - Unified Self Service PAM CLIENT FOR LINUX ON MAINFRAME MAINFRAME CONNECTOR FOR LINUX ON MAINFRAME GRAPHICAL MANAGEMENT INTERFACE WEB ADMINISTRATOR FOR TOP SECRET Xpertware Top Secret Top Secret - LDAP Top Secret - VSE

Issue/Introduction

 

Introduction:

 

We want to perform the following steps on a Disaster Recovery system:

  1. IPL with CA Top Secret in MODE(DORM). The IPL is not from the normal res packs

  2. Have emergency IBM id's defined in sys1.uads (not TSS)

  3. Emergency User's can signon

  4. Bring up TCP/IP and allow remote access

But when programmers try to bring up TCP/IP to allow remote access, they get SEC6 abend.

 

 

Instructions:

 

The issue here is that TCP/IP address space doesn't have any acid defined with an OMVS segment.

TCP/IP needs to be defined like a UNIX user. i.e needs UID() OMVSPGM() HOME() and GID().

This acid also needs:

  1. A facility TCP defined.

  2. A MASTFAC added to it.

  3. To be defined to the STC table with the acid assigned to the TCPIP proc.

We recommend to define an OMVS segment to this kind of acid rather than using CA Top Secret OMVSGRP() and OMVSUSR() control options set in the TSSPARMs with z/OS 1.13 and below, with z/OS 2.1 see CA Top Secret UNIQUSER() and MODLUSER() control options.

 

Additional Information:

 

For CA Top Secret r15.0, refer to CA Top Secret for z/OS Control Options Guide for more details about OMVSGRP() and OMVSUSR() and 

UNIQUSER() and MODLUSER() control options.

 

For CA Top Secret r16.0 go to docops.ca.com site; signon; choose your product CA Top Secret for z/OS - 16.0; click on "Using" link; then click on "Specifying Control Options to Modify Your Security Enviroment" link to have more information about OMVSGRP() and OMVSUSR() and UNIQUSER() and MODLUSER() control options.

 

Environment

Release: TOPSEC00200-15-Top Secret-Security
Component: