Need to secure HSM with Top Secret. HSM documentation only provides RACF examples.   

RDEFINE FACILITY STGADMIN.ARC.ENDUSER.* UACC(READ)
RDEFINE FACILITY STGADMIN.ARC.* UACC(NONE)
PERMIT STGADMIN.ARC.* CLASS(FACILITY) ID(userid) ACCESS(READ)
SETR GLOBAL(FACILITY) REFRESH
SETR GENERIC(FACILITY) REFRESH
SETR RACLIST(FACILITY) REFRESH

The RACF commands assume that the HSM started task acid has been created. If it has not been previously created, please use the following example commands to create it.

TSS CREATE(acid) NAME('HSM REG ACID') TYPE(USER) DEPARTMENT(dept)
PASSWORD(NOPW,0) FACILITY(STC) MASTFAC(HSM) NODSNCHK NORESCHK NOVOLCHK
NOSUBCHK NOLCFCHK
TSS ADDTO(STC) PROCNAME(hsm) ACID(acid)

The RACF commands converted to Top Secret commands are:

TSS ADD(dept) IBMFAC(STGADMIN)
TSS PER(ALL) IBMFAC(STGADMIN.ARC.ENDUSER.) ACC(READ)
TSS PER(userid) IBMFAC(STGADMIN.ARC.) ACC(READ)

 

CR24 - EKB