Can you share a KEYRING in CA Top Secret with SMP/E Internet Service Retrieval?

Document ID : KB000126198
Last Modified Date : 06/02/2019
Show Technical Document Details
Introduction:
Can you share KEYRINGs in CA Top Secret with IBM SMPE Internet Retrieval Service?
Question:
Can you share a keyring with a group instead of individual userids? And does the keyring always have to reference an individual userid, or can a generic id somehow be substituted? 
Answer:
Each keyring must be added each user. You cannot share a keyring. 

For those users that will be running SMPE Internet Retrieval, they will need a keyring called 'SMPRING' added to their acid. And the appropriate certificates must be added to that users keyring. 

You will need to do this for every acid that will be using SMPE Internet Retrieval. 

Currently there is no way to assign a keyring to a group and then attach that group to each user that will use SMPE Internet Retrieval. 

If an application like SMPE Internet Retrieval has the ability to user another user's keyring instead of the user's keyring that was signed on to the batch job, then all your user's can share that user's keyring.

Not all application's have the ability to share and use a different user's keyring. Please refer to the products manual to determine if it has this functionality.

To authorize a user to read another user's keyring, they must be authorized for:

TSS PER(acid) IBMFAC(IRR.DIGTCERT.LISTRING) ACCESS(UPDATE)