Translating the RACF Commands Required for HSM to CA Top Secret TSS Commands

Document ID : KB000054787
Last Modified Date : 14/02/2018

Description:

HSM needs to be secured with CA Top Secret, but the HSM documentation only provides RACF examples. See below:

RDEFINE FACILITY STGADMIN.ARC.ENDUSER.* UACC(READ)
RDEFINE FACILITY STGADMIN.ARC.* UACC(NONE)
PERMIT STGADMIN.ARC.* CLASS(FACILITY) ID(userid) ACCESS(READ)
SETR GLOBAL(FACILITY) REFRESH
SETR GENERIC(FACILITY) REFRESH
SETR RACLIST(FACILITY) REFRESH

Solution:

The RACF commands assume that the HSM started task ACID has already been created. If it has not been previously created, use the following example commands to create it.

TSS CREATE(archive) NAME('HSM REG ACID') TYPE(USER) DEPARTMENT(dept)
PASSWORD(NOPW,0) FACILITY(STC) MASTFAC(HSM) NODSNCHK NORESCHK NOVOLCHK
NOSUBCHK NOLCFCHK
TSS ADDTO(STC) PROCNAME(hsm) ACID(archive)

The RACF commands converted to CA Top Secret commands are:

TSS ADD(dept) IBMFAC(STGADMIN)
TSS PER(ALL) IBMFAC(STGADMIN.ARC.ENDUSER.) ACC(READ)
TSS PER(userid) IBMFAC(STGADMIN.ARC.) ACC(READ)
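
The conversion above can be reproduced mechanically. The following Python script is an added example, not CA code and not part of the original document; its rules are inferred only from the RACF/TSS command pairs shown on this page, it handles only FACILITY-class RDEFINE and PERMIT, and the names `translate` and `tss_prefix` are hypothetical.

```python
import re

# Constructed input: the RACF commands quoted in the Description above.
RACF_COMMANDS = """\
RDEFINE FACILITY STGADMIN.ARC.ENDUSER.* UACC(READ)
RDEFINE FACILITY STGADMIN.ARC.* UACC(NONE)
PERMIT STGADMIN.ARC.* CLASS(FACILITY) ID(userid) ACCESS(READ)
SETR GLOBAL(FACILITY) REFRESH
SETR GENERIC(FACILITY) REFRESH
SETR RACLIST(FACILITY) REFRESH
"""

# Only the two command shapes that appear on this page are recognised.
RDEFINE = re.compile(r"^RDEFINE\s+FACILITY\s+(\S+)\s+UACC\((\w+)\)$", re.I)
PERMIT = re.compile(
    r"^PERMIT\s+(\S+)\s+CLASS\(FACILITY\)\s+ID\((\S+?)\)\s+ACCESS\((\w+)\)$", re.I)

def tss_prefix(profile):
    """Drop the trailing generic '*', as the page does: STGADMIN.ARC.* -> STGADMIN.ARC."""
    return profile[:-1] if profile.endswith("*") else profile

def translate(racf_text, dept="dept"):
    """Return (tss_commands, untranslated_lines) for FACILITY-class RACF commands."""
    tss, skipped, owned = [], [], set()
    for line in filter(None, map(str.strip, racf_text.splitlines())):
        if m := RDEFINE.match(line):
            profile, uacc = m.groups()
            # Assumption: ownership goes on the first qualifier, as in the page's
            # TSS ADD(dept) IBMFAC(STGADMIN); emitted once per qualifier.
            root = profile.split(".")[0]
            if root not in owned:
                owned.add(root)
                tss.append(f"TSS ADD({dept}) IBMFAC({root})")
            # UACC(NONE) yields no permit: the page's TSS list has none for it.
            if uacc.upper() != "NONE":
                tss.append(f"TSS PER(ALL) IBMFAC({tss_prefix(profile)}) ACC({uacc.upper()})")
        elif m := PERMIT.match(line):
            profile, acid, access = m.groups()
            tss.append(f"TSS PER({acid}) IBMFAC({tss_prefix(profile)}) ACC({access.upper()})")
        else:
            skipped.append(line)  # e.g. SETR ... REFRESH, absent from the page's TSS list
    return tss, skipped

if __name__ == "__main__":
    commands, skipped = translate(RACF_COMMANDS)
    print("\n".join(commands))
    for line in skipped:
        print(f"# not translated: {line}")
```

Review the lines reported as not translated and any UACC value other than NONE by hand before issuing the generated commands.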

Please refer to "Chapter 5: Non-CA Products" in the CA Top Secret Implementation:Others Guide for additional information on securing HSM.

Please refer to "Appendix B: RACF to CA Top Secret Translation" in the CA Top Secret Cookbook for details on translating RACF commands to CA Top Secret.