Permit mode question

Document ID : KB000033692
Last Modified Date : 14/02/2018
Show Technical Document Details


We want to issue a TSS PERMIT for CA View reports with ACCESS(NONE) and MODE(WARN) so access could continue while I contact the users and have them request approval.





There is no way to code a rule in WARN mode, ie ACTION(WARN) is not valid on a TSS PERMIT command. (Only ACTION(FAIL) is valid.)

In FAIL mode, once the resource is defined to CA Top Secret or the DEFPROT attribute is set on the resource class, a user must be explicitly permitted to access to the resource. 


For this situation, the following action is recommended: 

TSS PER(ALL) class(SpecificResource) ACCESS(ALL) ACTION(AUDIT) 
and run TSSUTIL report:


Additional Information:

Refer to the CA Top Secret Command Functions Guide and CA Top Secret User Guide for information regarding the TSS PERMIT command.

Refer to the CA Top Secret Report & Tracking Guide for information regarding the TSSUTIL utility.