TSS Refresh(Region acid) Doesn't work.

Document ID : KB000049953
Last Modified Date : 14/02/2018
Show Technical Document Details

 

Question:

 

Why a permission to a region acid of a started task does only take effect when it is paused and then started again?

The CA Top Secret command: TSS REFRESH of the acid does not seem to work.

 

Answer:

 

The issue will be issue, if a end-user application uses the region Acid to do security check at task level.

I.e. create a security environment for a TCB (Task Control Block). In other words performs a sign-on and anchors the ACEE address to the TCBSENV field.

When a security call occurs without a security environment passed along, CA Top Secret searches for a security environment to make this validation.

To do this CA Top Secret:

  1. First checks whether there is a security environment at task level.

  2. If it doesn't exist, CA Top Secret will check the region level.

And here, there is a security environment at task (TCB) level. So CA Top Secret used it to make the validation regardless of the security environment at region level.

Generally when you modify an acid security environment, i.e. giving or removing authorization, you can use the TSS REFRESH command to make the changes effective immediately.

In this case, it doesn't work because TSS REFRESH doesn't scan the TCBs. CA Top Secret only scan the security environment at the region (Address space) level and its "security environment cross table" in a multi users region to refresh acid. The REFRESH command also works for 3rd-party racheck.

If this TCB doesn't have a security environment, CA Top Secret will take the region security environment to make the validation and it would work.

 

Additional Information:

 

 

 For CA Top Secret r15.0, refer to CA Top Secret for z/OS Command Guide; chapter #2 Command Functions --> REFRESH function for more details about REFRESH command.

 

For CA Top Secret r16.0 go to docops.ca.com site; signon; choose your product CA Top Secret for z/OS - 16.0; click on "Using" link; then click on "Issuing Commands to communicate Administrative requirements" link; then click on "Command Functions"; then click on "REFRESH Function" link to have more information about REFRESH command.