MASTFAC VS FACILITY

Document ID : KB000095459
Last Modified Date : 10/05/2018
Introduction:
The differences between FACILITY and MASTFAC
Question:
What is the difference between FACILITY and MASTFAC?  
Answer:
You assign FACILITYs to address spaces so you can have different security settings for each address space.

It also allows you to control where users can sign on.

For example, you can put one address space in WARN MODE because it's used for testing, while another is in FAIL MODE because it is a production address space. As another example, one CICS can have program security while another CICS doesn't.

MASTFAC assigns the FACILITY to be used with the address space. You put MASTFAC on the ACID that starts up the address space.
TSS ADDTO(IZUUSER) MASTFAC(ZOSMF) 

So if you bring up an address space with the IZUUSER ACID as the region ACID, FACILITY ZOSMF will be assigned to it.

Then anyone trying to sign on to that address space will need to be authorized to FACILITY ZOSMF, or they will not be able to sign on within the address space.
TSS ADDTO(IZUGUEST) FACILITY(ZOSMF) 

You create the FACILITY in the CA Top Secret Control Options file via the TSSPARMS member. That is where you control all the security settings for each FACILITY.