We have two LPAR's that share the same version of CA Top Secret. We were told that when executing the command, "TSS MODIFY(OMVSTABS)", it needs to be done on both LPARs. If CA Top Secret is shared on both LPARs, why does the "modify" command need to be executed on both systems? What would happen if information was assigned to a user acid (GROUP, DFLTGRP, UID, OMVSPGM, etc.) and the "modify" command was NOT executed on both LPARs, but just one of them?
The TSS MODIFY command only takes effect on the system where it is issued. This is true not only for OMVSTABS to refresh the OMVS tables, which are in memory on the system, but the TSS control options as well. The TSS MODIFY command does not update the security file the way the TSS PERMIT, ADD, etc commands do. So even though you are sharing the security file between systems, the TSS MODIFY command still has to be issued on each system sharing the security file in order to pick up changes. (The same is true for the TSS REFRESH command. It only takes effect on the system where it is issued.)
If the "modify" command was NOT executed on both LPARs, but just one of them, the OMVS tables on the system where the TSS MODIFY OMVSTABS command was NOT issued would not be refreshed. That system would function as though the TSS commands to add/remove the OMVS fields were never issued.
1) With CA Top Secret r15 fix RO55678 applied, the TSS MODIFY(OMVSTABS) command to refresh of OMVSTABS is no longer needed. RO55678 adds a table extension at TSS startup and automatically adds new entries to this table extension. The TSS MODIFY(OMVSTABS) command will rebuild the base table with all entries and allocate a new table extension.
2) With CA Top Secret r15 fix RO82093 applied and the security file is shared, when a UID/GID is added or removed from an ACID, the UID/GID table is automatically updated on both the local system and the other systems that are sharing the security file.
Please see the CA Top Secret Command Functions Guide for more information on the TSS MODIFY command.