- If you want to have more information about CA Top Secret commands, go to the link below:
The NOTES have been coped below:
*** Top Of Data ***
The #dept is one of your existing department or has to be created
You have to replace #dept with a department of your choice.
With CA Top Secret the GROUP is reserved to manage GID() only.
So, no permits can be done for a TSS GROUP. It's why it is needed
to create a TSS PROFILE to handle those permits.
You will see some additional lines with '##' in there.
These lines are commented out on purpose. You can ignore it,
except when they are there to create a PROFILE.
This PROFILE is likely used later on within this file.
Be very careful and review. You have to assess whether you want
to apply them or not. You can change the profile name to fit
your site requirement. Be careful to do it on the entire file to
keep the coherence.
With RACF the keyring and the digital certificate are known by
their label. With TSS, they are known by a TSS name.
You have to review all name given for TSS coherent among the
TSS commands to fit your site requirement.
RACDCERT ADDRING(IZUKeyring.IZUDFLT) ID(IZUSVR)
TSS ADD(IZUSVR) KEYRING(A#KeyRg) LABLRING(IZUKeyring.IZUDFLT)
Whenever the label is referenced in RACF command, A#KeyRg is
use in the equivalent TSS command.
Some TSS commands are duplicate, you can either delete them or
leave them all as they are and ignore the bad return code when
they are executed.
All change has to be done before executing these TSS commands.
*** End Of Data ***