How to Define a New User Started Task to CA Top Secret

Document ID : KB000027209
Last Modified Date : 14/02/2018


When I enter my userid and password to signon to a newly defined started task, I receive error:


on the operator console.


When implementing a new started task that is a multi-user address space, perform the following CA Top Secret administrative actions:

  1. Define the started task in the STC table with an existing or new acid.

    TSS ADD(STC) PROCN(procname) ACID(acidname)

    This assumes that the acidname already exists. It may be necessary to create a new acid with TYPE(USER), a non-expiring password and authorization to the FACILITY(STC).



  2. Assign the FACILITY to the started task acid:

    TSS ADD(acid) MASTFAC(facname)

    The facname is either an existing FACILITY or a newly created FACILITY, already defined to the CA Top Secret Control Options File.

    To create a new FACILITY, rename an unused existing USERxx FACILITY entry to your desired FACILITY name. The rename can be done dynamically, via a TSS MODIFY (FAC(USERxx=NAME=newfacilityname)).

    Example :


    In order to make this change permanent, update the CA Top Secret Control Options File with the same statements entered via the TSS MODIFY command.

    Other default FACILITY attributes may also be modified at this time.

    • It is recommended that the NORES attribute be changed to RES for the FACILITY via TSS MODIFY FAC(facilityname=RES)
    • Ensure that the mode is set properly via the FACILITY MODE control option: TSS MODIFY FAC(facilityname=MODE=mode)
    • Please check your existing FACILITYs and compare them to your newly created FACILITY to help ensure you are conforming to your site specific security requirements.
  3. Grant the appropriate users access to the FACILITY via:

    TSS ADD(acid) FACILITY(facilityname)

    This can be done at the user, profile, or ALL record level.

  4. Restart the started task for the above changes to go into effect.

  5. Once the above steps have been completed, the started task is ready for signon by users.
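
The five steps above as one command sequence with verification displays, added here as an illustration and not taken from the original article or from CA documentation. All names (PAYAPP, PAYSTC, SYSDEPT, PAYFAC, USER12, PAYPROF), the FAIL mode and the `<password>` placeholder are assumptions; the `/* */` lines are annotations, not part of the commands.

```text
/* Constructed names: proc PAYAPP, STC acid PAYSTC, dept SYSDEPT,  */
/* facility PAYFAC in unused slot USER12, user profile PAYPROF.    */

/* Step 1: create the STC acid (interval 0 = non-expiring          */
/* password), then add the proc to the STC table.                  */
TSS CREATE(PAYSTC) TYPE(USER) NAME('PAYAPP STARTED TASK') DEPARTMENT(SYSDEPT) PASSWORD(<password>,0) FACILITY(STC)
TSS ADD(STC) PROCN(PAYAPP) ACID(PAYSTC)

/* Step 2: rename the unused slot, set RES and the mode (FAIL is   */
/* assumed here; use your site's mode), assign the master facility.*/
TSS MODIFY FAC(USER12=NAME=PAYFAC)
TSS MODIFY FAC(PAYFAC=RES)
TSS MODIFY FAC(PAYFAC=MODE=FAIL)
TSS ADD(PAYSTC) MASTFAC(PAYFAC)

/* Step 3: grant the facility at profile level, so every user      */
/* attached to PAYPROF can sign on.                                */
TSS ADD(PAYPROF) FACILITY(PAYFAC)

/* Verify before the restart in step 4: STC table entry, the       */
/* acid's MASTFAC and facilities, and the facility's attributes.   */
TSS LIST(STC)
TSS LIST(PAYSTC) DATA(ALL)
TSS MODIFY FAC(PAYFAC)
```

The three TSS MODIFY changes are dynamic only; the same statements still have to go into the Control Options File to survive a restart of CA Top Secret.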

This should apply to any address space where a user will need to supply a userid and password, whether it be a new CICS region or any other application that will issue IBM's RACROUTE REQUEST=VERIFY macro.

Please see the CA Top Secret Control Options Guide for further details about the FACILITY, MODE, RES, and NORES control options.