We execute utility TSSFAR once in a quarter to pre-emptively verify the physical health of the SECFILE.
TSSFAR needs to have SECFILE-encryption-KEY specified in //INPUT file.
In our company's policy - The encryption-KEY has to be kept as disclosed as possible.
Is there a possibility to run the TSSFAR utility without key (using the current and SMPE-accepted encyption key in TSS-Code) or without the encryption key in clear text.
you may code your JCL as it follows, e.g.:
// JOB (ACCT#),
//TSSFAR EXEC PGM=TSSFAR
//SYSPRINT DD SYSOUT=*
//SECFILE DD DISP=SHR,DSN=TSS.SECFILE
//INPUT DD *
// DD DISP=SHR,DSN=Your.dataset(TSSKEY)
With member TSSKEY containing:
KEY=xxxxxxxxxxxxxxxx <== your encryption key
ACID01 doesn't have access to Your.dataset(TSSKEY), but a permit acid acid for ACID02
ACID02 have read access to Your.dataset(TSSKEY) and the admin authority to run TSSFAR.