Issue:
I found these RACF comments in IZUILSEC. Do these comments apply for TSS? IF so, can you help with the wording?
/* If your installation sets up PROTECT-ALL (RACF exit to protect */
/* all datasets) you will need to setup a CEA.* RACF profile and */
/* permit user identity. The HLQ CEA is the CEA HLQ provided */
/* during the configuration prompts. */
/* Please ensure the commands are appropriate for your */
/* environment. You may want to consider assigning an owner or */
/* group to the data set profile. */
/* If your installation protects MVS commands with RACF class */
/* OPERCMDS. you need to give the CIM Admin identity permission. */
/* This is required for the incident log verify step. */
/* This template does not have RDEFINES for these resources. */
/* If your installation doesn't define these, you will need to */
/* either define them first */
/* or change the PERMIT to a higher level qualifier. */
Resolution:
Yes it does apply. Here is the rewording. Here is my recommnendation.
/* Please PERMIT DSN(CEA) to the user identity */
/* The HLQ CEA is the CEA HLQ provided */
/* during the configuration prompts. */
/* Please ensure the commands are appropriate for your */
/* environment. */
/* If your installation protects MVS commands with resource class */
/* OPERCMDS. you need to give the CIM Admin identity permission. */
/* This is required for the incident log verify step. */
/* This template does not have TSS ADD commands to own these resources in CA Top Secret. */
/* If your installation doesn't define these, you will need to */
/* either define them first */
/* or change the PERMIT to a higher level qualifier. */