MODIFY Function—Display or Alter Control Options

Command Functions › MODIFY Function—Display or Alter Control Options

MODIFY Function—Display or Alter Control Options

Use the MODIFY function to perform the following activities:

Display the status of the global security environment.
Enter, change, or display CA Top Secret control options.

MODIFY requests must be made from an online terminal (for example, TSO, CICS, IMS/DC) in a z/OS and z/VSE environment. In a z/VM environment, MODIFY requests must be made from a logged‑on user ID.

Note: The MODIFY command cannot be routed through the security network using the Command Propagation Facility (CPF).

To display the status of the site security environment, this command function has the following format:

TSS MODIFY STATUS

To enter or change control options, this command function has the following format:

TSS MODIFY(control_option [(suboption_list)])

The maximum character length of the TSS MODIFY subfield is 80 characters.

Under z/VM, if the ACID issuing the TSS MODIFY command does not have the CONSOLE attribute, you must perform one of the following actions:

Enter the previous password of the MSCA.
Enter an ACID/password combination for an ACID that has CONSOLE authority.

In z/VSE, CA Top Secret only processes MODIFY requests that are issued by ACIDs with the CONSOLE attribute.

In a z/OS environment, the TSS MODIFY STATUS command can be issued by any administrator type ACID or any user with USE access to TSSCMD.ADMIN.MODIFY in the CASECAUT resource class.

To display control options, administrators and users must have one of the following authority levels:

CONSOLE attribute authority
USE access to TSSCMD.ADMIN.MODIFY in the CASECAUT resource class for issuing the following display commands:
- MODIFY VERSION
- MODIFY FAC(xxxxxxxx) where xxxxxxxx is the facility name
- MODIFY FAC(xxxxxxxx=BYPLIST) where xxxxxxxx is the facility name
- MODIFY FAC(xxxxxxxx=RXLTLIST) where xxxxxxxx is the facility name
- MODIFY CACHE(STATUS)
- MODIFY SECCACHE(STATUS)
- MODIFY STATS
- MODIFY DRC(nnn) where nnn is the detailed reason code
- MODIFY MSG(nnnn) where nnnn is the message number
- MODIFY RPW(LIST)
Note: All other commands are considered alter commands and require PRIVILEG access to TSSCMD.ADMIN.MODIFY in the CASECAUT resource class. For complete descriptions of control option keywords (such as DRC, MSG, and RPW), see the CA Top Secret Control Options Guide.

USE access is granted through the following command:
```
TSS PERMIT(acid) CASECAUT(TSSCMD.ADMIN.MODIFY) ACCESS(USE)
```
Note: USE is the default access level.

To alter control options, administrators and users must have one of the following authority levels:

CONSOLE attribute authority
PRIVILEG access to TSSCMD.ADMIN.MODIFY in the CASECAUT resource class
PRIVILEG access is granted through the following command:
```
TSS PERMIT(acid) CASECAUT(TSSCMD.ADMIN.MODIFY) ACCESS(PRIVILEG)
```

Example: Display the Status of a Security Environment

This example displays the status of a security environment:

TSS MODIFY STATUS

Example: Display Settings for the SECCACHE Control Option

This example displays the current settings for the SECCACHE control option:

TSS MODIFY SECCACHE(STATUS)

Example: Alter Settings for the LOG Control Option

This example alters the settings for the LOG control option:

TSS MODIFY LOG(INIT,SMF,SEC9,MSG)