How To Bypass USS Security In Warn Or Dorm Mode?

Document ID : KB000050380
Last Modified Date : 14/02/2018
Show Technical Document Details

 

Introduction:

 

We want to perform the following steps on a Disaster Recovery system:

  1. IPL with CA Top Secret in MODE(DORM). The IPL is not from the normal res packs

  2. Have emergency IBM id's defined in sys1.uads (not TSS)

  3. Emergency User's can signon

  4. Bring up TCP/IP and allow remote access

But when programmers try to bring up TCP/IP to allow remote access, they get SEC6 abend.

 

 

Instructions:

 

The issue here is that TCP/IP address space doesn't have any acid defined with an OMVS segment.

TCP/IP needs to be defined like a UNIX user. i.e needs UID() OMVSPGM() HOME() and GID().

This acid also needs:

  1. A facility TCP defined.

  2. A MASTFAC added to it.

  3. To be defined to the STC table with the acid assigned to the TCPIP proc.

We recommend to define an OMVS segment to this kind of acid rather than using CA Top Secret OMVSGRP() and OMVSUSR() control options set in the TSSPARMs with z/OS 1.13 and below, with z/OS 2.1 see CA Top Secret UNIQUSER() and MODLUSER() control options.

 

Additional Information:

 

For CA Top Secret r15.0, refer to CA Top Secret for z/OS Control Options Guide for more details about OMVSGRP() and OMVSUSR() and 

UNIQUSER() and MODLUSER() control options.

 

For CA Top Secret r16.0 go to docops.ca.com site; signon; choose your product CA Top Secret for z/OS - 16.0; click on "Using" link; then click on "Specifying Control Options to Modify Your Security Enviroment" link to have more information about OMVSGRP() and OMVSUSR() and UNIQUSER() and MODLUSER() control options.