Restrict SCA From Resetting MSCA Password In Top Secret
search cancel

Restrict SCA From Resetting MSCA Password In Top Secret

book

Article ID: 53397

calendar_today

Updated On:

Products

Top Secret

Issue/Introduction

Is is possible to restrict an SCA with ACID(MAINTAIN) or MISC8(PWMAINT) from resetting the password for the MSCA ACID?

Resolution

In Top Secret R15 and above, to set a new password for the MSCA (using ADDTO or REPLACE), an SCA must have UPDATE access to entity TSSCMD.USER.cmd.MSCAPW in the CASECAUT resource class, where cmd is the command being issued. This authority is required even if the administrator already has ACID(MAINTAIN) or MISC8(PWMAINT) authority. To give this:

TSS ADD(dept) CASECAUT(TSSCMD.USER.cmd.MSCAPW)   if not already owned

TSS PERMIT(scaacid) CASECAUT(TSSCMD.USER.cmd.MSCAPW) ACCESS(UPDATE)

where 'cmd' is the command being issued (ADDTO or REPLACE).

Additional Information

See Restricted Administrative Authorities (CASECAUT Resource Class) for more information on the CASECAUT resource class.