How to secure access to SECDEBG?

Document ID : KB000074496
Last Modified Date : 27/03/2018
Introduction:
SECDEBG is a script delivered with CA TPX that is used to trace communication between TPX and external security during the user signon process.
Question:
What are the recommendations for securing who can access the SECDEBG ACL within CA TPX?
Answer:
First, this ACL is only run from within TPXOPER. You can check who has this Operator authority with TPX batch. See this KB article for instructions on how to do this: 
How can I identify all users that have any administration authority within CA TPX? (Document ID : KB000011324) 
https://comm.support.ca.com/kb/how-can-i-identify-all-users-that-have-any-administration-authority-within-ca-tpx/kb000011324 

There is an option within the Command Authorization Class (CMDT) to restrict submitting any ACL, but it is our opinion that this would be too restrictive to implement across the board.

Finally, the only other suggestion we have is to perhaps create a custom version of SECDEBG that starts with a userid check. 
--- Keep custom ACLs in a PDS concatenated ahead of the delivered CB0VSCRI in your ACLLIB DD. 
--- You can also add security rules to restrict access to this library.
--- The only caveat is that you have to ensure any future changes to SECDEBG are incorporated into your custom version, but it does not change too often.