In RACF, there is a TSO related resource called ACCTNUM used secure TSO account codes, but this resource class is not defined in the Resource Descriptor Table (RDT) in CA Top Secret. Is a user defined resource class required in the RDT?
The security calls for the ACCTNUM class are internally converted (by CA Top Secret) to use the TSOACCT resource class. TSOACCT is predefined resource class in CA Top Secret, so no user defined resource class is required.
All one- to 40-character account numbers must be owned and permitted to users wishing to use a specific number. TSO issues a security request on the account number specified at logon; if this check fails, TSO prompts the user for a new account number. Logon does not complete unless the user is authorized to an account number. Ownership and permission are required. The TSS ADD and PERMIT commands can be used to assign ownership and authorization, respectively, to TSOACCT resources.
TSS ADDTO(dept) TSOACCT(nnnnnn)
TSS PERMIT(acid) TSOACCT(nnnnnn)
- 'dept' is the department to own the resource
- 'nnnnnn' is the account number. TSOACCT allows up to 8 characters in the TSS ADD command and up to 44 characters in the TSS PERMIT command
- 'acid' is the user's acid, an attached profile, or the ALL record if all users should be allowed access
Additional information regarding the TSOACCT resource class can be found here: