Administrative Authorities Required For TSSFAR, TSSMAINT, And TSSXTEND

Document ID : KB000048172
Last Modified Date : 14/02/2018
Show Technical Document Details

Description:

What CA Top Secret administrative authorities are required for TSSFAR, TSSMAINT, and TSSXTEND?

Solution:

For TSSMAINT:

No administrative authority is needed for the TSSMAINT utility.

For TSSXTEND:

The MSCA may run TSSXTEND. In addition, a user with one of the following authorizations may also run TSSXTEND:

* Has USE access to the TSSUTILITY.TSSXTEND entity in the CASECAUT resource class for any function but ZAP.

  • To grant a user this level of access, an administrator can issue the following command:

TSS PERMIT(user) CASECAUT(TSSUTILITY.TSSXTEND) ACCESS(USE)

* Has UPDATE access to TSSUTILITY.TSSXTEND entity in the CASECAUT resource class for using the ZAP function.

  • To grant a user this level of access, an administrator can issue the following command:

TSS PERMIT(user) CASECAUT(TSSUTILITY.TSSXTEND) ACCESS(UPDATE)

For TSSFAR:

The following users may run TSSFAR:

* The MSCA

* A user with no administrative authority may use TSSFAR if given given USE access to entity TSSUTILITY.TSSFAR in the CASECAUT resource class.

This access may be granted by an administrator using the following command:

TSS PERMIT(user) CASECAUT(TSSUTILITY.TSSFAR) ACCESS(USE)

The CASECAUT resource class for TSSUTILITY.utilityname is new in TSS r15. Before permitting, the resource must be owned:

TSS ADD(dept) CASECAUT(TSSUTILITY.)

This authority can now be used to allows users with no administrative authorities to run the following utilities:

TSSUTIL, TSSTRACK, TSSAUDIT, TSSCHART, TSSCFILE, TSSXTEND, TSSSIM, and TSSFAR

if they have the proper authority in TSSUTILITY.utilityname in the CASECAUT resource class. SCOPE limitations for utilities like TSSUTIL, TSSTRACK, TSSCHART, TSSSIM and TSSCFILE still apply.

Access to the utilities should be restricted to the MSCA and system engineers that are responsible for things like allocating new CA Top Secret files, copying the security file, and maintaining the security file. By maintaining the security file, TSSFAR has different parameters that show things like broken WHOHAS pointers, security file stats, ownership issues, etc.